Pdn Description

68P09301A55–ANOV 2002ENGLISH

WHITE PAPER

TechnicalInformation

MOTOROLA–CISCO PDN IOSINTEGRATION

CDMA

SPECIFICATIONS SUBJECT TO CHANGE WITHOUT NOTICE

NoticeWhile reasonable efforts have been made to assure the accuracy of this document, Motorola, Inc. assumes no liability resulting from anyinaccuracies or omissions in this document, or from use of the information obtained herein. The information in this document has beencarefully checked and is believed to be entirely reliable. However, no responsibility is assumed for inaccuracies or omissions. Motorola,Inc. reserves the right to make changes to any products described herein and reserves the right to revise this document and to makechanges from time to time in content hereof with no obligation to notify any person of revisions or changes. Motorola, Inc. does notassume any liability arising out of the application or use of any product, software, or circuit described herein; neither does it conveylicense under its patent rights or the rights of others.It is possible that this publication may contain references to, or information about Motorola products (machines and programs),programming, or services that are not announced in your country. Such references or information must not be construed to meanthat Motorola intends to announce such Motorola products, programming, or services in your country.

Copyrights

This instruction manual, and the Motorola products described in this instruction manual may be, include or describe copyrightedMotorola material, such as computer programs stored in semiconductor memories or other media. Laws in the United States andother countries preserve for Motorola and its licensors certain exclusive rights for copyrighted material, including the exclusiveright to copy, reproduce in any form, distribute and make derivative works of the copyrighted material. Accordingly, anycopyrighted material of Motorola and its licensors contained herein or in the Motorola products described in this instruction manualmay not be copied, reproduced, distributed, merged or modified in any manner without the express written permission of Motorola.Furthermore, the purchase of Motorola products shall not be deemed to grant either directly or by implication, estoppel, orotherwise, any license under the copyrights, patents or patent applications of Motorola, as arises by operation of law in the sale of aproduct.

Usage and Disclosure Restrictions

License AgreementThe software described in this document is the property of Motorola, Inc and its licensors. It is furnished by express licenseagreement only and may be used only in accordance with the terms of such an agreement.

Copyrighted MaterialsSoftware and documentation are copyrighted materials. Making unauthorized copies is prohibited by law. No part of the software ordocumentation may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language orcomputer language, in any form or by any means, without prior written permission of Motorola, Inc.

High Risk ActivitiesComponents, units, or third–party products used in the product described herein are NOT fault–tolerant and are NOT designed,manufactured, or intended for use as on–line control equipment in the following hazardous environments requiring fail–safecontrols: the operation of Nuclear Facilities, Aircraft Navigation or Aircraft Communication Systems, Air Traffic Control, LifeSupport, or Weapons Systems (“High Risk Activities”). Motorola and its supplier(s) specifically disclaim any expressed or impliedwarranty of fitness for such High Risk Activities.

Trademarks

MOTOROLA and the Stylized M Logo are registered in the US Patent & Trademark Office. All other product or service names arethe property of their respective owners.

Copyright 2002 Motorola, Inc.

Javat Technology and/or J2MEt: Java and all other Java–based marks are trademarks or registered trademarks of SunMicrosystems, Inc. in the U.S. and other countries.UNIXR: UNIX is a registered trademark of The Open Group in the United States and other countries.

REV091302

Foreword

NOV 2002 Motorola–Cisco PDN IOS Integration i

Scope of manual

This manual is intended for use by cellular telephone systemcraftspersons in the day-to-day operation of Motorola cellular systemequipment and ancillary devices.

This manual is not intended to replace the system and equipmenttraining offered by Motorola, although it can be used to supplement orenhance the knowledge gained through such training.

Obtaining Manuals

To view, download, or order manuals (original or revised), visit theMotorola Lifecycles Customer web page at http://services.motorola.com,or contact your Motorola account representative.

If Motorola changes the content of a manual after the original printingdate, Motorola publishes a new version with the same part number but adifferent revision character.

Text conventions

The following special paragraphs are used in this manual to point outinformation that must be read. This information may be set-off from thesurrounding text, but is always preceded by a bold title in capital letters.The four categories of these special paragraphs are:

Presents additional, helpful, non-critical information thatyou can use.

NOTE

Presents information to help you avoid an undesirablesituation or provides additional information to help youunderstand a topic or concept.

IMPORTANT

*

Presents information to identify a situation in whichdamage to software, stored data, or equipment could occur,thus avoiding the damage.

CAUTION

Presents information to warn you of a potentiallyhazardous situation in which there is a possibility ofpersonal injury.

WARNING

Foreword – continued

ii Motorola–Cisco PDN IOS Integration NOV 2002

The following typographical conventions are used for the presentation ofsoftware information:

S In text, sans serif BOLDFACE CAPITAL characters (a type stylewithout angular strokes: for example, SERIF versus SANS SERIF)are used to name a command.

S In text, typewriter style characters represent prompts and thesystem output as displayed on an operator terminal or printer.

S In command definitions, sans serif boldface characters representthose parts of the command string that must be entered exactly asshown and typewriter style characters represent command outputresponses as displayed on an operator terminal or printer.

S In the command format of the command definition, typewriterstyle characters represent the command parameters.

Reporting manual errors

To report a documentation error, call the CNRC (Customer NetworkResolution Center) and provide the following information to enableCNRC to open an MR (Modification Request):– the document type – the manual title, part number, and revision character– the page number(s) with the error– a detailed description of the error and if possible the proposed solutionMotorola appreciates feedback from the users of our manuals.

Contact us

Send questions and comments regarding user documentation to the emailaddress below:[email protected]

Motorola appreciates feedback from the users of our information.

Manual banner definitions

A banner (oversized text on the bottom of the page, for example,PRELIMINARY) indicates that some information contained in themanual is not yet approved for general customer use.

24-hour support service

If you have problems regarding the operation of your equipment, pleasecontact the Customer Network Resolution Center (CNRC) for immediateassistance. The 24 hour telephone numbers are:

North America +1–800–433–5202Europe, Middle East, Africa +44– (0) 1793–565444Asia Pacific +86–10–88417733Japan & Korea +81–3–5463–3550. . . . . . . . . . . Latin American Countries +51–1–212–4020

For further CNRC contact information, contact your Motorola accountrepresentative.

General Safety

NOV 2002 Motorola–Cisco PDN IOS Integration iii

Remember! . . . Safetydepends on you!!

The following general safety precautions must be observed during allphases of operation, service, and repair of the equipment described inthis manual. Failure to comply with these precautions or with specificwarnings elsewhere in this manual violates safety standards of design,manufacture, and intended use of the equipment. Motorola, Inc. assumesno liability for the customer’s failure to comply with these requirements.The safety precautions listed below represent warnings of certain dangersof which we are aware. You, as the user of this product, should followthese warnings and all other safety precautions necessary for the safeoperation of the equipment in your operating environment.

Ground the instrument

To minimize shock hazard, the equipment chassis and enclosure must beconnected to an electrical ground. If the equipment is supplied with athree-conductor ac power cable, the power cable must be either pluggedinto an approved three-contact electrical outlet or used with athree-contact to two-contact adapter. The three-contact to two-contactadapter must have the grounding wire (green) firmly connected to anelectrical ground (safety ground) at the power outlet. The power jack andmating plug of the power cable must meet International ElectrotechnicalCommission (IEC) safety standards.

Refer to Grounding Guideline for Cellular RadioInstallations – 68P81150E62.

NOTE

Do not operate in an explosiveatmosphere

Do not operate the equipment in the presence of flammable gases orfumes. Operation of any electrical equipment in such an environmentconstitutes a definite safety hazard.

Keep away from live circuits

Operating personnel must:

S not remove equipment covers. Only Factory Authorized ServicePersonnel or other qualified maintenance personnel may removeequipment covers for internal subassembly, or componentreplacement, or any internal adjustment.

S not replace components with power cable connected. Under certainconditions, dangerous voltages may exist even with the power cableremoved.

S always disconnect power and discharge circuits before touching them.

General Safety – continued

iv Motorola–Cisco PDN IOS Integration NOV 2002

Do not service or adjust alone

Do not attempt internal service or adjustment, unless another person,capable of rendering first aid and resuscitation, is present.

Use caution when exposing orhandling the CRT

Breakage of the Cathode–Ray Tube (CRT) causes a high-velocityscattering of glass fragments (implosion). To prevent CRT implosion,avoid rough handling or jarring of the equipment. The CRT should behandled only by qualified maintenance personnel, using approved safetymask and gloves.

Do not substitute parts ormodify equipment

Because of the danger of introducing additional hazards, do not installsubstitute parts or perform any unauthorized modification of equipment.Contact Motorola Warranty and Repair for service and repair to ensurethat safety features are maintained.

Dangerous procedurewarnings

Warnings, such as the example below, precede potentially dangerousprocedures throughout this manual. Instructions contained in thewarnings must be followed. You should also employ all other safetyprecautions that you deem necessary for the operation of the equipmentin your operating environment.

Dangerous voltages, capable of causing death, are present in thisequipment. Use extreme caution when handling, testing, andadjusting.

WARNING

Version 1.0 Motorola – Cisco IOS Network Integration Page 1 of 30

Motorola - Cisco PDN IOS Integration

White Paper

Note: This is a dynamic document that is subject to change without notice.

Abstract: This document addresses the integration between Motorola RAN (Radio Access Network) and Cisco PDSN/HA running Release 1.2 using Cisco AR3.0.

Motorola, Inc. Inter Vendor Verification and Validation Group

5555 N. Beach St. Fort Worth, Texas 76137


Revision History This revision history page is intended to ensure that all parties are knowledgeable of the additions, deletions, and updates made to the white paper.

Version Sections Date Authors Description

0.1 All Oct. 9, 2002 Tracy McElvaney Initial Draft 0.2 All Oct. 14, 2002 Tracy McElvaney Updates after review by Cisco Dev/Test group 1.0 All Nov. 15, 2002 Tracy McElvaney Updates after review by TIPS and MOT

development, additional information on upgrade strategy, corrections to config file

statements.


Glossary A A10 / A11 – IOS packet data interface between PCF and PDSN. See also RP. AAA – Authentication, Authorization and Accounting Server AN – Access Node AR – Access Registrar (see AAA) AREGCMD – Cisco Access Registrar Command Line Interface B BTS – Base Transceiver Station BVI – Bridged Virtual Interface C CAT (6509) – Cisco Catalyst 6509 switch used in Motorola Access Node CBSC – Centralized Base Station Controller CCO – Cisco Connection Online CDG – CDMA Data Group CDMA – Code Division Multiple Access CDMA-Ix – CDMA RP interface defined on Cisco PDSN CLI – Command Line Interface D E F FA – Foreign Agent (see also PDSN) FE – Fast Ethernet FTP – File Transfer Protocol G H HA – Home Agent Home AR – AAA serving the Home Agent for MIP connections. HSRP – Hot Standby Routing Protocol I IMSI – International Mobile Station Identity IOS – Inter-Operability Specification IP – Internet Protocol IPSEC – Internet Protocol Security IVVV – Inter-Vendor Verification and Validation L Local AR – AAA serving the PDSN/FA for local connections.

M MIP – Mobile Internet Protocol MN – Mobile Node MN-AAA – Mobile Node to AAA authentication (Mobile IP only). MN-HA – Mobile Node to Home Agent Authentication (Mobile IP only). MPPC – Microsoft Point-to-Point Compression Protocol N NAS – Network Address Server O 1X - RTT – CDMA 2000 Radio Transmission Technology (1 * 1.25MHz spread spectrum) OMC – Operations and Maintenance Center OSPF – Open Shortest Path First P PA – Port Adapter PCF – Packet Control Function PDN – Packet Data Network PDSN – Packet Data Serv ing Node Pi – Payload Interface PPP – Point-to-Point Protocol Q R RAN – Radio Access Network RP – Radio Packet Interface (see also A10/A11) S SA-ISA – IPSEC Service Adapter for Cisco PDSN/HA SIP – Simple Internet Protocol T TCP – Transfer Control Protocol TX - Transceiver U V VJ TCP/IP – Van Jacobsen TCP/IP Header Compression VLAN – Virtual Local Area Network VPDN – Virtual Private Dial-up Networking VPN – Virtual Private Networking


1 References [1] Cisco Packet Data Serving Node (PDSN) Release 1.2 ; published by Cisco on CCO web site. [2] Relase Notes for the Cisco PDSN 1.2 feature in Cisco IOS release 12.2(8)BY ; published by Cisco on CCO web site. [3] Cisco CDMA2000 Home Agent ; published by Cisco on CCO web site. [4] Release Notes for the Cisco Home Agent 1.2 feature in Cisco IOS release 12.2(8)BY ; published by Cisco on CCO web site. [5] Cisco-Motorola CDMA 1XRTT Packet Network Configuration; ENG119255 version 2.1; published internally to test groups by Cisco Systems [6] Cisco Access Registrar 3.0 Documentation ; published by Cisco on CCO web site. * The Cisco CCO web site can be accessed at http://www.cisco.com


Table of Contents 1 REFERENCES ......................................................................................................................................................................4

2 SCOPE.....................................................................................................................................................................................6

3 IVVV CISCO PDN TEST BED ........................................................................................................................................7

4 PDN NETWORK OVERVIEW .......................................................................................................................................8 4.1 SUPPORTED PDSN/HA CONFIGURATIONS................................................................................................................. 8 4.2 CLUSTER CONFIGURATIONS.......................................................................................................................................... 9

4.2.1 Stand-alone Configuration (RAN PDSN Cluster Control) ............................................................................9 4.2.2 Peer-to-Peer Clustering.......................................................................................................................................9 4.2.3 Controller/Member Clustering...........................................................................................................................9

4.3 NETWORK CONFIGURATIONS........................................................................................................................................ 9 4.3.1 Direct to AN .........................................................................................................................................................10 4.3.2 Distributed in Customer Network.....................................................................................................................11

5 SIMPLE IP DATABASE PROVISIONING...............................................................................................................12 5.1 PDSN CONFIGURATION............................................................................................................................................... 12 5.2 PEER-TO-PEER CLUSTERING....................................................................................................................................... 15 5.3 CONTROLLER/MEMBER CLUSTERING........................................................................................................................ 15

5.3.1 PDSN Controller Configuration.......................................................................................................................15 5.3.2 PDSN Member Configuration...........................................................................................................................18

5.4 CBSC DATABASE PROVISIONING.............................................................................................................................. 18 5.5 AN DATABASE.............................................................................................................................................................. 19

5.5.1 Add the VLANs.....................................................................................................................................................20 5.5.2 Configure the VLAN interfaces.........................................................................................................................20 5.5.3 Configure the Layer 2 Switched Ports.............................................................................................................22 5.5.4 Configure the OSPF routing table...................................................................................................................23

5.6 LOCAL AAA DATABASE PROVISIONING................................................................................................................... 23 5.6.1 Verify the PDSN Client has been added to the AR........................................................................................24 5.6.2 Verify the User Record .......................................................................................................................................24 5.6.3 Verify the User Profile .......................................................................................................................................25

6 MOBILE IP DATABASE PROVISIONING..............................................................................................................26 6.1 HA CONFIGURATION.................................................................................................................................................... 26 6.2 PDSN MOBILE-IP CONFIGURATION.......................................................................................................................... 28 6.3 HOME AAA CONSIDERATIONS................................................................................................................................... 29

7 UPGRADE CONSIDERATIONS ..................................................................................................................................30 7.1 UPGRADING PDSN / HA DEVICES ............................................................................................................................ 30 7.2 UPGRADING THE AR..................................................................................................................................................... 30


2 Scope This document is intended to provide a description of the steps required to integrate the Motorola CDMA 1X-RTT RAN and Cisco 7206 VXR NPE-400 running Cisco PDSN/HA Release 1.2. The corresponding Cisco AR release used for this integration is 3.0. This paper will ensure the respective systems inter-operate through Motorola’s CDMA CDG A10/A11 IOS Interface. Since there is no Motorola specific requirement for the configuration of the Cisco AR, it will not be addressed in this document. The relevant AR material required for configuration can be accessed by the hyperlink in the References section.

This document is a technically oriented guide that will describe and explain the steps to deploy a Motorola-Cisco IOS system. It has been assumed that the necessary database is already data filled on CBSC and required IP planning is in place for the Cisco PDN and Access Node. The integration process has been implemented and tested in the IVVV lab in Fort Worth. Disclaimer: This paper is not intended to replace installation/configuration documentation provided by either Motorola or Cisco. It is intended to provide the guidance necessary to ensure successful integration of the Motorola RAN with the Cisco PDSN. All information in this document is based on experiences learned during the IVVV certification of the Cisco PDN Release 1.2. It is the end user’s responsibility to have at their disposal all related installation/configuration documentation provided by each company. Due to the complex nature of the networking equipment involved, this document will not attempt to cover all possible configurations.


3 IVVV Cisco PDN Test Bed

HA-1 / Controller-2 / PDSN-3

PCF-1

PCF-2

PCF-3

Access Node

PDSN-2

PDSN-1

Controller-1 / HA-2 / PDSN-4

Local AR

Home AR

FTP Server

Internet

Firewall

Fa0/0 Fa0/1

Fa1/0 Fa2/0

DNX-11

Data Client: Win2K Win98 Linux Mobile Nodes: Motorola 120X Kyocera 2345 Qualcomm Twister

BTS -1

BTS -2

BTS -3


4 PDN Network Overview

4.1 Supported PDSN/HA Configurations The recommended hardware configuration for the Cisco 7200-VXR based PDSN/HA is given below.

PA-FE-TX

1 port fast ethernet

PA-FE-TX

1 port fast ethernet

I / O Controller

2 10/100 TX Ethernet Ports

2 PCMCIA Slots

SA-ISA

Figure 1: Recommended Hardware Configuration for PDSN/HA

The two Fast Ethernet port adaptors (PA-FE-TX) will be configured for RP and Pi traffic. For Motorola’s implementation, which uses OSPF routing, it is recommended that one FE port adaptor will handle all incoming traffic to the PDSN, while the other FE port adaptor will be configured to handle all outgoing traffic from the PDSN. AAA and Network Management traffic will be handled by the two 10/100 Ethernet ports hosted on the I/O controller and configured using a BVI. If the PDSN/HA will support IPSEC, an SA-ISA service adaptor is required. The SA-ISA card should be in the identical slot as above (slot 4/1). The SA-ISA card is not required for a PDSN controller. This recommended configuration takes into account port adaptor redundancy, switching redundancy, back office traffic redundancy, and cluster controller redundancy. For Release 1.2, there are several types of PDSN / HA images, depending on the performance, clustering capabilities and extended features that will be supported. The following table will explain which image types are required for different PDSN/HA configurations. Image Name Description Comments C7200-c5is-mz Basic PDSN Image Peer-to-Peer Clustering, no prepaid, lower

session capacity C7200-c5ik9s-mz Basic PDSN w/

IPSEC Peer-to-Peer Clustering, no prepaid, requires SA-ISA adapter

C7200-c6is-mz Enhanced PDSN Controller/Member Clustering or Peer-to-Peer Clustering, Prepaid support

C7200-c6ik9s-mz Enhanced PDSN w/ IPSEC

Controller/Member Clustering or Peer-to-Peer Clustering, Prepaid support, requires


SA-ISA adapter C7200-h1is-mz Basic HA Image Use with C7200-c5is-mz or C7200-c6is-

mz image C7200-h1ik92-mz Basic HA image w/

IPSEC support Use with C7200-c5ik9s-mz or C7200-c6ik9s-mz image

*Note: Special export requirements apply to all IPSEC images which will be installed outside the United States.

4.2 Cluster Configurations

4.2.1 Stand-alone Configuration (RAN PDSN Cluster Control) In the stand-alone mode, a PDSN maintains only its local session information and cannot perform handoff avoidance or load balancing with other PDSN devices. To configure a PDSN cluster, the OMC database should be populated with a cluster list of PDSNs, and then a group of PCFs must be associated with that cluster list. This cluster list will be used by all associated PCFs for distributing calls to the PDSN devices defined. In 16.1, the PCF will employ a user-defined selection scheme to distribute the load between all PDSN devices in a cluster. The choices for PCF-based PDSN selection are 1) ACTIVE/STANDBY, 2) IMSI Hashing, 3) ROUND ROBIN. Stand-alone configuration can be used with any PDSN image.

4.2.2 Peer-to-Peer Clustering In the Peer-to-Peer Cluster, each PDSN is configured to communicate its session information to all other PDSN devices in the cluster, using multi-cast IP messages. This configuration is resource intensive and limits the capacity of the cluster because each PDSN has to maintain the global session information of the entire cluster. In Peer-to-Peer clustering, the PCF can have one or all of the PDSN devices in its cluster configuration. Load balancing and handoff avoidance will occur between the PDSNs based on global session information. Peer-to-Peer clustering is supported by both c5 and c6 PDSN images.

4.2.3 Controller/Member Clustering PDSN Release 1.2 introduces the Controller/Member clustering feature, which significantly improves the cluster capacity by provisioning a dedicated cluster controller or redundant cluster controller group. This controller performs the PDSN selection function and maintains the global session tables for the entire cluster. No user traffic is handled by a Cluster Controller. Using the HSRP protocol, a redundant Controller can be configured. With redundancy enabled, the global session tables will be synchronized between the active and standby controllers. Redundant HSRP groups are also supported. The Controller will load balance and perform inter-PDSN handoff avoidance for all members in its cluster. In the Controller/Member configuration, the PCF should be configured to have only the Controller in its Cluster IP list on the OMC. The HSRP address is used in the OMC PDSN cluster configuration for a controller instead of the CDMA-Ix interface as with the stand-alone PDSN. Controller/Member clustering is only supported by the c6 PDSN images. 4.3 Network Configurations In the network design phase, the customer will decide on one of two possible network design alternatives. The PDSN/HA/AR can either be “tethered” to an AN in which all devices will be


physically connected to a single AN, or any combination of the devices can be configured in a distributed fashion such that the AN routes packets from the PCF to the customer network and on to a PDSN/HA/AR, which is physically located remotely in the customer’s network.

4.3.1 Direct to AN In the direct configuration, the PDSN/HA and AR devices (or any combination thereof) will be directly connected to the CAT 6509 routers in the Access Node. The routing should be configured using OSPF and VLANs so that redundancy and load sharing are maximized. In the direct configuration, there are several configuration principles to consider.

In the direct configuration, three VLANs are set up on each CAT. VLAN 1 is designated as the BVI VLAN. This VLAN will carry all AAA/NMS traffic to and from the PDSN/HA devices. VLAN 2 is designated as the outgoing RP/Pi and MIP VLAN. This VLAN will be configured on the AN, with a lower OSPF cost in order to route all RP/Pi and MIP traffic out of the AN to the PDSN/HA devices. Finally VLAN 3 is designated as the incoming RP/Pi and MIP VLAN. This VLAN will be configured with a higher OSPF cost value than VLAN 2 in order to act as a redundant route to the outgoing RP/Pi and MIP traffic. The OSPF cost settings on corresponding PDSN/HA interfaces will be configured in the opposite fashion to control the flow of traffic out of the PDSN.

Figure 2: Default Routing Diagram of PDSN directly connected to AN *Note that VLAN-3 is also defined in CAT-1, and VLAN-2 is also defined in CAT-2, although no physical Ethernet ports will be switched into those VLANs on the opposite CAT. This is to allow for OSPF routing of packets coming in from the PCF or network, which may enter on an opposite CAT interface. By defining each VLAN in both CATs, the VLANs will use the ISL trunk to route packets destined for that VLAN to the other CAT, where the physical port is switched into the VLAN. Any AR that is directly connected to the AN will be connected to the AR/NMS VLAN (VLAN-1) on CAT-1. If the Controller/Member clustering and/or redundant HA schemes are used, it recommended that a fourth VLAN be added as a Controller and HA BVI VLAN. The PDSN controller and redundant HA configurations use an HSRP interface as the primary interface. This means that

AR / NMS Bridge VLAN-1 PDSN

CAT-1

CAT-2

VLAN-2

VLAN-3

RP/Pi or MIP to PDSN/HA

RP/Pi or MIP from PDSN/HA


OSPF routing on the FE Port Adapters will not be possible. In order to maintain port redundancy, a second BVI needs to be created to act as a virtual interface for the HSRP configuration. An example of the Controller/HA connectivity diagram is below. This document will cover the redundant HA and Controller configurations. For the non-redundant HA configuration, the PDSN example configuration can be used as a model for configuring the HA interfaces (fa1/0 and fa2/0) as they are identical to the PDSN, or the redundant approach can be followed even though a redundant device is not yet deployed. The latter will provide for ease of migration if a redundant HA/Controller ever is deployed.

4.3.2 Distributed in Customer Network In the remote configuration, the PDSN/HA and AR devices (or any combination thereof) will be located remotely from the Access Node, and configuration on the CAT-6509 devices will be much less complex than in the direct configuration. In the remote configuration, it is recommended that redundant links be configured on each CAT-6509 in the AN and that the OSPF priorities be set such that load sharing occurs between the CATs. The remote configuration example will not be covered in this document, as there are too many possibilities to consider.

AR/NMS Bridge VLAN-1

CAT-1

CAT-2

VLAN-4

VLAN-4

RP / MIP Bridge

RP / MIP Bridge

PDSN Controller / Redundant HA


5 Simple IP Database Provisioning The following section has been formatted to cover the typical PDSN configuration for a Motorola network using OSPF routing. The generic product documentation does not take into account the routing protocols that may be used by different vendors/customers. 5.1 PDSN Configuration Listed below are the key actions which are required for basic PDSN operation.

o Enable PDSN Services. o Define the CDMA-Ix Interface, which will be the PDSN address known to a PCF

in the RAN network. o Define the Loopback interface, which will be known to the public network and

used for Layer 3 routing purposes. o Define the Loopback interface, which will be used for terminating the PPP links

of the mobile nodes. o Define Virtual Template Interface for terminating PPP sessions. o Define the Bridge Group Virtual Interface, which will be used for Network

Management, AAA and Peer-to-Peer clustering communication (if supported). o Configure the PDSN for AR communications. o Enable RP Signaling.

A sample configuration file of the basic PDSN is given below. The generic configuration file listed in Cisco’s PDSN documentation was taken and modified to fit Motorola’s generic configuration template. This template was verified and used during lab testing of Cisco 1.2 PDN in the IVVV lab. Note tha t this template enables the enhanced PDSN service with Controller/Member clustering. Also, this image is IPSEC capable, but IPSEC has not been configured. For IPSEC, Prepaid, VPN or other enhanced features, please refer to the Cisco configuration documentation, as there is no Motorola specific configuration documentation required. version 12.2 service timestamps debug uptime service timestamps log uptime no service password-encryption service cdma pdsn ! hostname pdsn_A ! boot system flash disk0:c7200-c6ik9s-mz.122-8.BY.bin ! Configure AAA services aaa new-model ! ! aaa group server radius MOT server 5.2.250.11 auth-port 1645 acct-port 1646 ! aaa authentication ppp default local group MOT


aaa authorization config-commands aaa authorization network default group MOT aaa authorization configuration default group MOT aaa accounting update periodic 60 aaa accounting network pdsn start-stop group MOT aaa session-id common enable password ivvv ! username pdsnA ip subnet-zero no ip gratuitous-arps ip cef ! controller ISA 4/1 ! ! Enable IRB routing protocol for bridge virtual interface bridge irb ! interface Loopback0 no ip address ! ! Configure PPP virtual loopback address interface Loopback1 ip address 5.2.254.245 255.255.255.255 ! ! Configure RP Interface interface CDMA-Ix1 description PDSN A RP Interface ip address 5.2.254.225 255.255.255.255 no ip mroute-cache tunnel source 5.2.254.225 ! ! FA0/0 and FA0/1 will be for AR/NMS communications ! AR/NMS interfaces will be configured as a Virtual Bridge interface FastEthernet0/0 description AR/NMS to CAT1 fa3/5 no ip address duplex full speed 100 bridge-group 1 ! interface FastEthernet0/1 description AR/NMS to CAT2 fa3/5 no ip address duplex full speed 100 bridge-group 1 ! !FA1/0 and FA2/0 will be for RP/Pi traffic ! RP/Pi traffic will be routed into FA1/0 and out of FA2/0 using OSPF interface FastEthernet1/0 description RP/Pi in from CAT1 fa3/13 ip address 5.2.250.33 255.255.255.240 ip ospf message-digest-key 1 md5 CISCO ip ospf cost 4 ip ospf hello-interval 30


duplex full ! interface FastEthernet2/0 description RP/Pi out to CAT2 fa3/13 ip address 5.2.250.49 255.255.255.240 ip ospf message-digest-key 1 md5 CISCO ip ospf cost 3 ip ospf hello-interval 30 duplex full ! ! Configure PPP Virtual Template interface Virtual-Template1 ip unnumbered Loopback1 ip ospf network point-to-point peer default ip address pool pdsna_sip ppp accm 0 ppp authentication chap pap optional ppp accounting none ppp timeout idle 2000 ! ! Configure Virtual Bridge Interface for AR/NMS interface BVI1 description AR/NMS Bridge ip address 5.2.250.5 255.255.255.240 no ip mroute-cache ! ! Configure OSPF routing table router ospf 100 log-adjacency-changes area 200 authentication message-digest redistribute connected subnets passive-interface Virtual-Template1 network 5.2.250.33 0.0.0.0 area 200 network 5.2.250.49 0.0.0.0 area 200 ! ! Configure local IP pool for PPP ip local pool pdsna_sip 5.2.254.1 5.2.254.7 ip classless no ip http server ip pim bidir-enable ! ip radius source-interface BVI1 ! ! Configure RADIUS server (local AAA) radius-server host 5.2.250.11 auth-port 1645 acct-port 1646 key cisco radius-server retransmit 3 radius-server deadtime 5 radius-server vsa send accounting 3gpp2 radius-server vsa send authentication 3gpp2 ! Configure RP Interface paramters cdma pdsn virtual-template 1 cdma pdsn a10 max-lifetime 36000 cdma pdsn msid-authentication ! Define default security association for PCF devices cdma pdsn secure pcf default spi 100 key hex 31313131313131313131313131313131 ! Enable ieee bridge protocol and enable ip routing


bridge 1 protocol ieee bridge 1 route ip call rsvp-sync ! mgcp profile default ! dial-peer cor custom ! gatekeeper shutdown ! line con 0 line aux 0 line vty 0 4 ! ntp clock-period 17180175 ntp server 5.2.0.1 ! end

5.2 Peer-to-Peer Clustering The following information should be entered into any PDSN participating in Peer-to-Peer communications. Please do not execute these commands if the PDSN is operating in stand-alone or in Controller/Member clustering mode.

! ! Define the cluster security association cdma pdsn secure cluster default spi 100 key ascii cisco ! Define the interface to use for PDSN selection cdma pdsn selection interface CDMA-Ix1 ! Configure load parameters cdma pdsn selection session-table-size 8000 cdma pdsn selection load-balancing threshold 7500

5.3 Controller/Member Clustering In order to enable Controller/Member clustering, a 7206 VXR must be designated and configured as the Controller. Once the controller is enabled, then member PDSNs can be configured into the cluster. Controller redundancy is supported using the HSRP protocol. The Controller does not carry any user traffic.

5.3.1 PDSN Controller Configuration The following information details a basic configuration for a Controller in the Controller/Member configuration. Please do not enter these commands if the device is meant to operate in the stand-alone or Peer-to-Peer clustering modes. Note that the BVI will still be used by the Controller for NMS communications. Redundant OSPF routes will be configured to route Controller/Member signaling information. If controller redundancy is configured (as in the following example), an HSRP address will be assigned to FA1/0. This means that, if communications to FA1/0 is lost, or if the Controller fails, the standby controller will take over as primary. Note that an SA-ISA card is not required for the controller, since it does not handle any user traffic.


Current configuration : 1806 bytes ! ! Last configuration change at 15:35:42 UTC Tue Oct 1 2002 ! NVRAM config last updated at 15:35:42 UTC Tue Oct 1 2002 ! version 12.2 service timestamps debug uptime service timestamps log uptime no service password-encryption service cdma pdsn ! hostname controller_A ! boot system flash disk0:c7200-c6ik9s-mz.122-8.BY.bin enable password ivvv ! username contA ip subnet-zero no ip gratuitous-arps ip cef ! ! ! Enable IRB routing protocol bridge irb ! ! ! FA0/0 and Fa0/1 will be used for NMS communications ! Controller does not communicate with AAA ! BVI 1 will be used as NMS bridge interface FastEthernet0/0 description AR/NMS to CAT1 fa3/3 no ip address duplex full speed 100 bridge-group 1 ! interface FastEthernet0/1 description AR/NMS to CAT2 fa3/3 no ip address duplex full speed 100 bridge-group 1 ! ! FA1/0 and FA2/0 will be used for RP proxy signalling to members ! BVI 2 will be used for RP signalling bridge interface FastEthernet1/0 description RP to CAT1 fa3/22 no ip address duplex full bridge-group 2 ! interface FastEthernet2/0 description RP to CAT2 fa3/22 no ip address duplex full


bridge-group 2 ! interface BVI1 description AR/NMS Bridge ip address 5.2.250.3 255.255.255.240 no ip mroute-cache ! interface BVI2 description RP Bridge ip address 5.2.252.3 255.255.255.0 no ip mroute-cache standby 2 ip 5.2.252.11 standby 2 priority 100 standby 2 name Control_Group_A ! ! Define Gateway of last resort so controller can route packets ip classless ip route 0.0.0.0 0.0.0.0 5.2.252.13 no ip http server ip pim bid ir-enable ! ! ! Define default PCF security association and cluster parameters cdma pdsn secure pcf default spi 100 key hex 31313131313131313131313131313131 cdma pdsn secure cluster default spi 100 key ascii cisco cdma pdsn cluster controller standby Control_Group_A cdma pdsn cluster controller interface BVI 2 cdma pdsn cluster controller timeout 10 cdma pdsn cluster controller window 2 bridge 1 protocol ieee bridge 1 route ip bridge 2 protocol ieee bridge 2 route ip call rsvp-sync ! ! mgcp profile default ! dial-peer cor custom ! gatekeeper shutdown ! ! line con 0 line aux 0 line vty 0 4 login ! ntp clock-period 17179958 ntp server 5.2.0.1 ! end


5.3.2 PDSN Member Configuration The following data should be entered into each PDSN that will function as a member of a cluster. Please do not enter this information into the Cluster Controller or into a PDSN that is meant to operate in the stand-alone or Peer-to-Peer clustering modes.

! cdma pdsn secure cluster default spi 100 key ascii cisco ! Controller address should be the HSRP address of BVI 2 cdma pdsn cluster member controller 5.2.252.11 cdma pdsn cluster member interface CDMA-Ix1 cdma pdsn cluster member timeout 10 cdma pdsn cluster member window 2 !

5.4 CBSC Database Provisioning Using the following example, add the PDSN cluster on the OMC CLI. For Peer-to-Peer configurations and/or stand-alone configuration, any number of PDSNs in Peer selection group (maximum of 16) can be added in one OMC PDSN cluster. For Controller-Member configurations, only the primary controller should be added to the OMC PDSN cluster.

I3V-SUNOMC1-000642 > add pdsn-<cluster_id> ! expecting an integer number (from 1 to 16) NUMPDSNS= ? <number of PDSNs in cluster>

?? Stand Alone: between 1 and 16 PDSNs may be entered ?? Controller/Member: Only the controller address is needed

expecting an integer number (from 0x00000100 to 0xffffffff) SPI= ? 0x100 Enter a string of characters surrounded with double quotes SECURITYKEY= ? “31313131313131313131313131313131” expecting an enumerated value: N Y SUMMARIZED= ? n expecting IP address (or subnet mask) from 000.000.000.000 to 255.255.255.255 surrounded by double quotes IPADDRESS= ? <IP Address of RP Interface>

?? CDMA-IX 1 for PDSN in stand alone or Peer-to-Peer ?? HSRP address for Controller

expecting IP address (or subnet mask) from 000.000.000.000 to 255.255.255.255 surrounded by double quotes SUBNETMASK= ? <subnet mask of PDSN network> expecting an integer number (from 1 to 32767) IPFROM= ? <indicates cluster which PDSN IP addresses are taken fro m (optional)> expecting an enumerated value: ACTIVESTANDBY IMSIHASHING ROUNDROBIN


SELSCHEME= ? <PDSN selection scheme> expecting an integer number (from 0 to 16) PRIMARYINDEX= ? <index of PDSN>

?? If ACTIVESTANDBY is used, which PDSN will be Primary expecting an integer number (from 0 to 16) SECONDARYINDEX= ? <index if PDSN>

?? If ACTIVESTANDBY is used, which PDSN will be secondary expecting an enumerated value: ALLOW_NVOSE NO_NVOSE NVOSEMODE= ? ALLOW_NVOSE expecting an enumerated value: NO_SECTOR_ID STANDARD BSIDFORMAT= ? STANDARD expecting an enumerated value: NO YES RESERVED1= ? NO expecting an enumerated value: NO YES RESERVED2= ? NO o Standard BASE ID is as defined by 3GPP2, Non-Standard BASE ID omits sector id and

shifts remaining 3 elements pre-pending the ID with an ascii “0”. Non-Standard BASE ID should not be used unless required by PDSN/AAA

o Allowing NVOSE will cause PCF to also pass PANID/CANID, ESN and 3GPP2 Active time

in IOS 4.1 Registration Request Message. No NVOSE will remove the NVOSE, PANID/CANID and ESN and pass Registration Request message per IOS 4.0.

Once the PDSN cluster is defined, the following CLI command should be executed for all PCF devices that will operate using the above cluster list.

ITID-OMC2-000106 > edit pktpcf-<cbsc#>-<pcf#> pdsn add <cluster#>!

5.5 AN Database The AN database configuration should be determined by the IP design of the system. The following examples give a generic overview as the required steps for integrating a PDSN/AR into the Access Node. It is impossible to determine the AN configuration for a distributed network design whereby the PDN equipment is located remotely from the Access Node. Therefore, the following example will detail the steps required to configure the AN according to the PDSN configuration given in the previous section.

o RP/Pi traffic should be routed into the PDSN on the PA (FA1/0) interface from CAT-1, and out of the PDSN on the other PA interface (FA2/0) to CAT-2 in order to maximize redundancy and loading on the interfaces. This is accomplished by setting the OSPF priorities correctly on the CAT and PDSN.


o There should be three VLANs configured for routing the PDN traffic. VLAN-1 should be the VLAN carrying traffic into the PDSN from CAT-1. VLAN-2 should be the VLAN carrying traffic out of the PDSN into CAT-2. VLAN-3 should be the AAA/NMS VLAN carrying RADIUS signalling and any cluster messaging for cluster configurations.

o Care should be taken when configuring VLAN-1 and VLAN-2. Although both VLANs need to be configured in each CAT (this enables VLAN trunk routing over the ISL links), no ports from CAT-1 should be switched into VLAN-2. Also the converse holds that no ports from CAT-2 will be switched into VLAN-1.

o If PDSN Controller and/or redundant HA features are part of the network design, the a fourth VLAN will be added and configured as a Bridge (just like the AR/NMS VLAN).

5.5.1 Add the VLANs Add the VLANs to each CAT for routing PDN traffic

MLS-1-1#vlan database MLS-1-1(vlan)#vlan <vlan number> name RP_PI_to_PDSN MLS-1-1(vlan)#vlan <vlan number> name RP_PI_from_PDSN MLS-1-1(vlan)#vlan <vlan number> name AR_NMS_VLAN MLS-1-1(vlan)#vlan <vlan number> name Controller_HA_VLAN MLS-1-1(vlan)#exit

5.5.2 Configure the VLAN interfaces Configure CAT-1 VLANs.

!VLAN 300 will be AR/NMS VLAN !Note: All PDSN/HA fa0/0 interfaces will be switched into CAT-1 VLAN 300 interface Vlan300 description AR/NMS VLAN CAT1 ip address 5.2.250.13 255.255.255.240 no ip redirects ntp broadcast ! !VLAN 301 will be the default outgoing route to the PDSN/HA !Note: All PDSN/HA fa1/0 interfaces will be switched into CAT-1 VLAN 301 interface Vlan301 description RP/Pi/MIP to PDSN/HA ip address 5.2.250.45 255.255.255.240 no ip redirects ip ospf message-digest-key 1 md5 CISCO ip ospf cost 3 ip ospf hello-interval 30 ntp broadcast ! !VLAN 302 will be the redundant outgoing route to the PDSN/HA !Note: no interfaces on CAT-1 will be switched into VLAN302 interface Vlan302 description RP/Pi/MIP from PDSN/HA ip address 5.2.250.61 255.255.255.240 no ip redirects ip ospf message-digest-key 1 md5 CISCO


ip ospf cost 4 ip ospf hello-interval 30 ntp broadcast !VLAN 500 will be the Controller/HA VLAN !Note: All Controller/HA fa1/0 interfaces will be switched into CAT-1 VLAN 500 interface Vlan500 description Controller/HA VLAN CAT1 ip address 5.2.252.13 255.255.255.240 no ip redirects ntp broadcast ! Configure the CAT-2 VLANs !VLAN 300 will be AR/NMS VLAN !Note: All PDSN/HA fa0/1 interfaces will be switched into CAT-2 VLAN 300 interface Vlan300 description AR/NMS VLAN CAT2 ip address 5.2.250.14 255.255.255.240 no ip redirects ntp broadcast ! !VLAN 301 will be the default outgoing route to the PDSN/HA !Note: No PDSN/HA interfaces will be switched into CAT-2 VLAN 301 interface Vlan301 description RP/Pi/MIP to PDSN/HA ip address 5.2.250.46 255.255.255.240 no ip redirects ip ospf message-digest-key 1 md5 CISCO ip ospf cost 3 ip ospf hello-interval 30 ntp broadcast ! !VLAN 302 will be the redundant outgoing route to the PDSN/HA !Note: All fa2/0 interfaces on PDSN/HA will be switched into CAT-2 VLAN 302 interface Vlan302 description RP/Pi/MIP from PDSN/HA ip address 5.2.250.62 255.255.255.240 no ip redirects ip ospf message-digest-key 1 md5 CISCO ip ospf cost 4 ip ospf hello-interval 1 ip ospf dead-interval 3 ntp broadcast !VLAN 500 will be the Controller/HA VLAN !Note: All Controller/HA fa2/0 interfaces will be switched into CAT-2 VLAN 500 interface Vlan500 description Controller/HA VLAN CAT1 ! In this example, the netmask is set to 24 bits to ! include the addresses which will be used for the MIP virtual network ! Customers may employ alternate routing techniques to achieve the same goal. ip address 5.2.252.14 255.255.255.0 no ip redirects ntp broadcast


!

5.5.3 Configure the Layer 2 Switched Ports Each router (PDSN/HA/Controller) will have four ports switched into the appropriate VLAN. All ports will be configured in the same fashion. The following is an example of a single PDSN configured for the above VLAN assignments. The same configuration principle applies to HA/Controllers as well. CAT-1 port assignments ! interface FastEthernet3/3 description AR/NMS from PDSN A fa0/0 no ip address duplex full speed 100 switchport switchport access vlan 300 switchport mode access end ! interface FastEthernet3/23 description RP/Pi to PDSN A fa1/0 no ip address duplex full speed 100 switchport switchport access vlan 301 switchport mode access end CAT-2 port assignments ! interface FastEthernet3/3 description AR/NMS to PDSN A fa0/1 no ip address duplex full speed 100 switchport switchport access vlan 300 switchport mode access end ! interface FastEthernet3/23 description RP/Pi from PDSN A fa2/0 no ip address duplex full speed 100 switchport switchport access vlan 302 switchport mode access


end

5.5.4 Configure the OSPF routing table Enter the connected networks into the CAT OSPF routing table. An example of the connected networks would be the network used for each VLAN defined (PA and BVI) on that particular CAT. Please note that the wildcard bits will most likely be different based on core IP network design.

Example of the network statements in the router ospf 100 routing table:

router ospf 100 . . ! set authentication type for PDN ospf area area 200 authentication message-digest . . ! 250 subnet is PDSN address range network 5.2.250.0 0.0.0.255 area 200 ! 252 subnet is the Controller/HA address range network 5.2.252.0 0.0.0.255 area 200

* For Mobile IP applications, always ensure that the AN routing tables are able to route to the virtual network addresses configured for MIP users.

5.6 Local AAA Database Provisioning The following section will discuss specific details on basic checks for ensuring that the PDSN and user exist in the AR database. Overall Cisco AR configuration and setup should be reviewed in the Cisco documentation. To start the Cisco AR CLI tool (aregcmd), login to the server and change execute the following command: # /opt/CSCOar/bin/aregcmd -s This will initiate the aregcmd interface and give the user access to the AR. Once the AR has successfully started, the following should be seen: Cisco Access Registrar 3.0R0 Configuration Utility Copyright (C) 1995-2002 by Cisco Systems, Inc. All rights reserved. Logging in to localhost [ //localhost ] LicenseKey = <license ###> Radius/ Administrators/ Server 'Radius' is Running, its health is 10 out of 10 -->


5.6.1 Verify the PDSN Client has been added to the AR Refer to the following example to verify the PDSN client exists in the AR database. --> cd radius/clients [ //localhost/Radius/Clients ] Entries 1 to 3 from 3 total entries Current filter: <all> ivvv_pdsn1/ ivvv_pdsn2/ localhost/ --> cd ivvv_pdsn1 [ //localhost/Radius/Clients/ivvv_pdsn1 ] Name = ivvv_pdsn1 Description = IPAddress = 5.2.250.5 SharedSecret = cisco Type = NAS Vendor = IncomingScript~ = OutgoingScript~ = UseDNIS = FALSE DeviceName = DevicePassword = The above example shows a default PDSN client (type NAS) has been added and a shared secret exists (cisco). This shared secret must match the secret defined in the “radius-server host” command on the PDSN.

5.6.2 Verify the User Record The following command shows the user ivvv_tester has been added under the default local user list ISPABCLocalUsers. Note that each AR may have several different userlists defined depending on whether the user is Mobile IP, VPDN, Simple IP etc. Notice that the user has no attributes defined, but it does reference a base profile. This means the profile should be verified for accuracy. --> cd /Radius/UserLists/ISPABCLocalUsers/ivvv_tester [ //localhost/Radius/UserLists/ISPABCLocalUsers/ivvv_tester ] Name = ivvv_tester Description = Password = <encrypted> AllowNullPassword = FALSE Enabled = TRUE Group~ = BaseProfile~ = mwts_uc1_nopool AuthenticationScript~ =


AuthorizationScript~ = UserDefined1 = Attributes/ CheckItems/ --> cd attributes [ //localhost/Radius/UserLists/ISPABCLocalUsers/ivvv_tester/Attributes ] --> ls

5.6.3 Verify the User Profile The following example shows the user profile and attributes for mwts_uc1_nopool, which is used as a base profile for user ivvv_tester. The attributes defined for this profile will determine how the PDSN treats the user. --> cd /radius/profiles/mwts_uc1_nopool [ //localhost/Radius/Profiles/mwts_uc1_nopool ] Name = mwts_uc1_nopool Description = Attributes/ --> ls attributes [ Attributes ] cisco-avpair = lcp:cdma-user-class=1 cisco-avpair = "lcp:interface-config=compress mppc" Framed-Compression = "VJ TCP/IP header compression" Framed-MTU = 1500 Framed-Protocol = ppp Framed-Routing = None Service-Type = Framed From the attributes listed above, it can be seen that the user profile is defined as user class 1 (SIP only). The user is set to use framed PPP for the connection with an MTU of 1500 bytes and allowed to use VJ TCP/IP header compression as well as MPPC PPP compression if the client allows. Since there is no IP address defined, the PDSN will assign an IP address to it from an local PPP pool. It is possible to have the AR configured to manage the IP pools and assign a dynamic address as well.


6 Mobile IP Database Provisioning ?? Note: In order to establish Mobile IP functionality, the Simple IP Database provisioning

must be complete and fully operational. 6.1 HA Configuration Once the network is configured for Simple IP, the basic foundation is in place and ready for Mobile IP support. The HA must first be configured to provide MIP tunneling services to subscribers in the network. The following configuration example assumes that HA redundancy will be supported.

Current configuration : 2561 bytes ! version 12.2 service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname HA_A ! boot system flash disk0:c7200-h1ik9s-mz.122-8.BY.bin ! Configure the Home AAA aaa new-model ! ! aaa group server radius MOT server 5.2.250.12 auth-port 1645 acct-port 1646 ! aaa authentication login CONSOLE none aaa authentication ppp default local group MOT aaa authorization config-commands aaa authorization ipmobile default group MOT aaa authorization network default group MOT aaa accounting update periodic 60 aaa accounting network default start-stop group MOT aaa session-id common enable password ivvv ! username haA ip subnet-zero no ip gratuitous-arps ip cef ! ! controller ISA 4/1 ! bridge irb ! ! ! ! Define the loopback interface for mobile hosts interface Loopback10 description MIP Virtual Network Loopback


no ip address ! ! FA0/0 and FA1/0 will be used for AR/NMS ! BVI 1 will be the virtual bridge interface interface FastEthernet0/0 description Cisco AR/NMS to CAT-1 fa3/1 no ip address duplex full speed 100 bridge-group 1 ! interface FastEthernet0/1 description Cisco AR/NMS to CAT-2 fa3/1 no ip address duplex full speed 100 bridge-group 1 ! ! FA1/0 and FA2/0 will be used for MIP traffic ! BVI 2 will be the virtual bridge interface interface FastEthernet1/0 description MIP to CAT-1 fa3/20 no ip address duplex full bridge-group 2 ! interface FastEthernet2/0 description MIP to CAT-2 fa3/20 no ip address duplex full bridge-group 2 ! interface BVI1 description AR/NMS Bridge ip address 5.2.250.1 255.255.255.240 no ip mroute-cache ! interface BVI2 description MIP Bridge ip address 5.2.252.1 255.255.255.0 no ip mroute-cache standby 1 ip 5.2.252.10 standby 1 priority 100 standby 1 name HA_Group_1 ! ! Enable Mobile IP router mobile ! ip local pool ha_mip 5.2.252.19 5.2.252.30 ip classless ip route 0.0.0.0 0.0.0.0 5.2.252.13 no ip http server ip pim bidir-enable ! Enable the home agent function ip mobile home-agent ! Define the mobile host network and mobile host security associations


ip mobile host nai @ispxyz.com address pool local ha_mip virtual-network 5.2.252.0 255.255.255.0 aaa load-sa ! Define security associations for the valid foreign agents this HA will serve ip mobile secure foreign-agent 5.2.254.225 spi 100 key ascii cisco algorithm md5 mode prefix-suffix ip mobile secure foreign-agent 5.2.254.226 spi 100 key ascii cisco algorithm md5 mode prefix-suffix ! ! ! ! ! Configure the home AAA radius function radius-server host 5.2.250.12 auth-port 1645 acct-port 1646 key cisco radius-server retransmit 3 radius-server deadtime 5 radius-server vsa send accounting 3gpp2 radius-server vsa send authentication 3gpp2 bridge 1 protocol ieee bridge 1 route ip bridge 2 protocol ieee bridge 2 route ip call rsvp-sync ! ! mgcp profile default ! dial-peer cor custom ! ! ! ! gatekeeper shutdown ! ! line con 0 line aux 0 line vty 0 4 ! ! end

6.2 PDSN Mobile-IP Configuration Now that a Home Agent has been configured, the PDSN providing MIP services needs to be configured as a Foreign Agent.

router mobile ! ip mobile foreign-agent care-of CDMA-Ix1 ip mobile secure home -agent 5.2.252.10 spi 100 key ascii cisco algorithm md5 mode prefix-suffix cdma pdsn send-agent-adv ! interface virtual-template 1 cdma pdsn mobile-advertisement-burst 3 200 ip mobile foreign-service challenge 200 5 ip mobile foreign-service challenge forward-mfce timeout 10 window 5 ip mobile registration lifetime 36000


ip mobile foreign-serveice reverse-tunnel !

6.3 Home AAA Considerations Please refer to section 5.6 and follow the examples to verify that the HA client exists in the Home AAA database and that a Mobile IP subscriber/profile exists in the database as well. During Mobile IP registrations, the following key actions need to occur.

1. Mobile Node to AAA Authentication: If configured on the mobile, it will send a General Authentication Extension containing a CHAP password in the MIP Registration Request Message. When received, the PDSN will send an Access-Request Message to the local AAA along with the MSID of the user for authentication. The local AAA must be configured either to authenticate the user based on its MSID or to proxy the MSID based authentication over to a remote AAA server for authentication. It should be understood that for Mobile IP, PPP CHAP authentication is not performed, and the username/password in the DUN on the data client is not used. The MIP username and AAA password must be programmed into the mobile by the vendor using QPST or some other equivalent tool.

2. Mobile Node to HA Authentication: If configured on the mobile, it will send a MNHA

Authentication Extension in the MIP Registration Request Message. When received, the HA will send an Access-Request message to the home AAA along with the MIP username for authentication. The home AAA must authenticate the user and pass the user profile information back to the HA for processing. The HA must have either a security association defined for the mobile, or the home AAA must provide it based on the subscriber’s profile so that the HA can authenticate the user. The MNHA authentication is based on an SPI and shared secret much like the PCF to PDSN. This information must also be programmed into the phone by the vendor.


7 Upgrade Considerations 7.1 Upgrading PDSN / HA Devices There are several CLI command changes when moving from 1.0 to 1.2 image lines with the Cisco PDSN/HA. It is highly recommended that the system engineers update their configuration files according to this document prior to loading the 1.2 image. The configuration updates should be done offline (text editor) so that the existing configuration stays in tact on 1.0 devices. Do not attempt to use the new configuration files on a 1.0 device. After loading the 1.2 image, the new configuration should be applied. This will avoid any configuration data loss due to CLI command changes. 7.2 Upgrading the AR AR version 3.0 requires Solaris 5.8. In many instances, existing AR devices are not running this operating system. It is highly recommended that the system engineers upgrade the AR devices to 5.8 running AR1.7 prior to upgrading the AR software. This will allow the AR upgrade procedure to automatically update the AR database to the 3.0 format without any manual intervention. Cisco highly recommends Sun Professional Services as a support mechanism for upgrading the Sun platforms to 5.8 and implementing AR Clustering.

*68P09301A55−A*

68P09301A55–A

68P09301A55–ANOV 2002ENGLISH

WHITE PAPER

TechnicalInformation

MOTOROLA–CISCO PDN IOSINTEGRATION

CDMA

WHITE PAPER

CDMA

MOTOROLA–CISCO PDN IOS INTEGRATION

EN

GL

ISH

NO

V 2

002

68P

0930

1A55

–A

Technical Information Products and Services

ÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇÇ

STANDARD MANUAL PRINTING INSTRUCTIONS

STANDARD SPECIFICATIONS – FOR REFERENCE–DO NOT MODIFY

Part Number: 68P09301A55–A APC:

Title: Motorola–Cisco PDN IOS Integration

625

PAPER:

Body: 70 lb.

Inside Cover: 65 lb. Cougar

Tabs: 110 lb. Index

Binder Cover: Standard TEDcover – 10 pt. Carolina

1st. LEVEL TABS:

Single Sided

5 Cuts

Clear Mylar

Pantone 2706–C

Black Ink

2nd. LEVEL TABS: FINISHING:

3–Ring BinderSlant–D

3–Hole Punched(5/16–in. dia.)

Shrink Wrap Body

Black ink for body, inside cover, and binder cover.

SPECIAL INSTRUCTIONS

TAB and SHEET SIZE/QUANTITY

7X9 8.5x11 21 11x17

NON–STANDARD SPECIFICATIONS

Tape Bound Corner Stitch X

Other: Meet with manager to determine the deliverable.

Sheets = (Total Pages) / 2

Single Sided

7 Cuts

Clear Mylar

White

Black Ink

Filename: 301a55–a.pdf

1st Level Tabs 2nd Level Tabs

Volume 11/18/02of DatePrint Vendor: e.DOC

Pdn Description

Documents

Transcript of Pdn Description