Cisco Support Community

New Member

Mobile host authentication using TACACS+ Server

Instead of the Home Agent (Router 7507), I tried to use an AAA server, and the instruction is as follows:

user = {
    service = mobileip {
        set spi#0 = "spi 100 key hex 12345678123456781234567812345678"
    }
}
I don't know how to configure the above format on my ACS 3.0.

Please help me out.

Cisco Employee

Re: Mobile host authentication using TACACS+ Server

1. You need to define a new service in ACS3 which is called mobile ip. For this, first ensure that there is a TACACS+ NAS defined in network configuration.

2. Go to Interface Configuration -> TACACS+ Cisco IOS. Under new services, tick the first check box, type mobileip in the service textbox, and in protocol type ip. Now submit. If there is not even a single tac+ NAS in the config, you will NOT see the TACACS+ Cisco IOS option in interface configuration!!!!

3. Go to group properties now and under TACACS+, at the end of the list, you will find the new service you defined. Select the box, select custom attributes and then define

set spi#0 ....

Hope this helps. Pls. let the forum know if this solved your issue.
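
A lint for the `set spi#N` line discussed in this thread, as an added example that is not part of the original posts and not Cisco tooling. The SPI range (hex 100 to ffffffff) and the 32-hex-digit key length are assumptions taken from the IOS `ip mobile secure` syntax, not from the thread, and `lint_spi_attribute` is a hypothetical helper name.

```python
import re

# Assumed limits (IOS "ip mobile secure" syntax, not stated in the thread):
# SPI is hex in the range 100..ffffffff; a "key hex" value is 128 bits = 32 hex digits.
SPI_MIN, SPI_MAX, KEY_HEX_DIGITS = 0x100, 0xFFFFFFFF, 32

LINE_RE = re.compile(
    r'^\s*set\s+spi#(?P<index>\d+)\s*=\s*"spi\s+(?P<spi>\S+)\s+key\s+hex\s+(?P<key>\S+)"\s*$'
)

def lint_spi_attribute(line):
    """Return a list of problems found in one 'set spi#N = "..."' line (empty = OK)."""
    problems = []
    # Word-processor quotes or mojibake (as in the posted line) are not ASCII '"'.
    bad = sorted({ch for ch in line if ord(ch) > 126})
    if bad:
        problems.append("non-ASCII characters: " + " ".join(f"U+{ord(c):04X}" for c in bad))
        return problems
    m = LINE_RE.match(line)
    if not m:
        problems.append('does not match: set spi#N = "spi <hex> key hex <hex>"')
        return problems
    spi, key = m.group("spi"), m.group("key")
    if not re.fullmatch(r"[0-9A-Fa-f]{1,8}", spi):
        problems.append("SPI is not a hex value of at most 8 digits")
    elif not SPI_MIN <= int(spi, 16) <= SPI_MAX:
        problems.append("SPI outside 100..ffffffff")
    if not re.fullmatch(r"[0-9A-Fa-f]+", key):
        problems.append("key contains non-hex characters")
    elif len(key) != KEY_HEX_DIGITS:
        problems.append(f"key is {len(key)} hex digits, expected {KEY_HEX_DIGITS}")
    elif any(key == key[:n] * (KEY_HEX_DIGITS // n) for n in (1, 2, 4, 8, 16)):
        problems.append("key is a short repeated pattern (sample value, not a secret)")
    return problems

# Constructed inputs: the line as posted (with its garbled quotes), the same line
# with ASCII quotes, and a line whose key is only 64 bits long.
AS_POSTED = 'set spi#0 = \u00a1\u00b0spi 100 key hex 12345678123456781234567812345678\u00a1\u00b1'
ASCII_QUOTES = 'set spi#0 = "spi 100 key hex 12345678123456781234567812345678"'
SHORT_KEY = 'set spi#0 = "spi 100 key hex 0f1e2d3c4b5a6978"'

if __name__ == "__main__":
    for sample in (AS_POSTED, ASCII_QUOTES, SHORT_KEY):
        print(sample, "->", lint_spi_attribute(sample) or "OK")
```

The repeated-pattern check flags the key shown in the thread because it is a documentation-style sample; a production security association should use a randomly generated 128-bit key.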

New Member

Re: Mobile host authentication using TACACS+ Server

Thank you very much for your appreciation.

But I am afraid that I still have a problem.

During authentication with Cisco Router, I got a debug message as follows;

MobileIP: HA 107 received registration for MN on FastEthernet0/0/0
using COA HA lifetime 7200 options sbdmgVt
MobileIP: HA 107 get SA for MN
MobileIP: MN SA is not available from AAA server
MobileIP: MN SA is not configured, request ignored
%IPMOBILE-6-SECURE: Security violation on HA from MN - errcode MN failed authentication (131), reason No mobility security association (1)

I checked the 'spi', 'key' values in MN and had no problem.

What would be the real problem?
