Home agent in router mode, Home agent in gateway mode, Atmp connections that bypass a foreign agent – Lucent Technologies 6000 User Manual
Page 460: Atmp connections that bypass a foreign agent -26
11-26
MAX 6000/3000 Network Configuration Guide
Setting Up Virtual Private Networks
Configuring ATMP tunnels
With these Framed-Address and Framed-Netmask settings (equivalent to 10.168.6.21/28) for
the mobile client router, the connecting LAN can support up to 14 hosts. The network address
(or base address) for this subnet is 10.168.6.16. This address represents the network itself,
because the host portion of the IP address is all zeros.
The broadcast address (all ones in host portion of address) for this subnet is 10.168.6.31.
Therefore, the valid host address range is 10.168.6.17—10.168.6.30, which includes 14 host
addresses.
The MAX handles routes to and from the mobile client’s LAN differently, depending on
whether the Home Agent is configured in router mode or gateway mode.
Home Agent in router mode
If the Home Agent connects directly to the home network, set Proxy ARP to Always, which
enables the Home Agent to respond to ARP requests on behalf of the mobile client.
If the Home Agent does not connect directly to the home network, the situation is the same as
for any remote network: Routes to the mobile client’s LAN must either be learned dynamically
from a routing protocol or configured statically.
The mobile client always requires static routes to the Home Agent as well as to other networks
reached through the Home Agent. (It cannot learn routes from the Home Agent.)
Home Agent in gateway mode
If the Home Agent forwards packets from the mobile client across a nailed WAN link to the
home IP network, the answering unit on the home network must have a static route to the
mobile client's LAN.
In addition, because no routing information passes through the connection between the mobile
client and the Home Agent, the mobile client’s LAN can only support local subnets that fall
within the network specified in the RADIUS entry.
For example, using the previous sample RADIUS entry, the mobile client could support two
subnets with a mask of 255.255.255.248: one on the 10.168.6.16 subnet and the other on the
10.168.6.24 subnet. The answering unit on the home network would have only one route to the
router itself (10.168.6.21/28).
ATMP connections that bypass a Foreign Agent
If a Home Agent MAX has the appropriate RADIUS entry for a mobile client, the mobile
client connects directly to the Home Agent. An ATMP-based RADIUS entry that is local to the
Home Agent enables the mobile client to bypass a Foreign Agent connection, but it does not
preclude a Foreign Agent. If both the Home Agent and the Foreign Agent have local RADIUS
entries for the mobile client, the client can choose a direct connection or a tunneled connection
through the Foreign Agent.
For example, the following RADIUS entry authenticates a mobile NetWare client that connects
directly to the Home Agent. In this example, the Home Agent is in the gateway mode (it
forwards packets from the mobile client across a nailed WAN link to the home IPX network):