Cisco EHWIC-4G-LTE-G
Hi,
I was wondering if anyone has managed to sucessfully configure the EHWIC-4G-LTE-G network module for use on the O2-UK network?
I am succesfully registering to o2 (network 10) in the uk (country 234) without roaming (home):
#sh cellular 0/0/0 network
Current Service Status = Normal
Current Service = Packet switched
Current Roaming Status = Home
Network Selection Mode = Automatic
Mobile Country Code (MCC) = 234
Mobile Network Code (MNC) = 10
Packet switch domain(PS) state = Attached
Registration(EMM) state = Registered
And I have a really good 3G (UMTS) signal (-31dBm is like 5 bars):
#sh cellular 0/0/0 radio
Radio power mode = ON
Current RSSI(RSCP) = -31 dBm
LTE Technology Preference = AUTO
LTE Technology Selected = UMTS
But the profile won't stay active.
If I ping an address on the internet like 8.8.8.8, the default route and chat-script bring the modem online and if I very quickly view the profile it does become active:
#sh cellular 0/0/0 profile
Profile 1 = ACTIVE*
PDP Type = IPv4
PDP address = 10.122.1.178
Access Point Name (APN) = mobile.o2.co.uk
Authentication = Unknown
Username: bypass
Password:
Primary DNS address = 82.132.254.2
Secondary DNS address = 82.132.254.3
However, after a few seconds it always reverts back to the inactive state:
#sh cellular 0/0/0 profile
Profile 1 = INACTIVE*
PDP Type = IPv4
Access Point Name (APN) = mobile.o2.co.uk
Authentication = Unknown
Username: bypass
Password:
This is repeatable and I have tried vertigo, bypass and o2web as different APNs. Here is the profile configuration I'm using:
#cellular 0/0/0 lte profile create 1 mobile.o2.co.uk pap bypass password ipv4
I have also tried a variety of chat-scripts like:
chat-script modem "" "AT!CALL1" TIMEOUT 30
chat-script modem "" "ATDT*99*1#" TIMEOUT 60 "OK"
chat-script modem "" "ATDT*99*1#" TIMEOUT 60 "CONNECT"
chat-script modem "" "ATDT*99***1#" TIMEOUT 60 "CONNECT"
To no avail. Here is the debug output that does not look good:
*Dec 23 16:10:56.907: CHAT0/0/0: Attempting async line dialer script
*Dec 23 16:10:56.907: CHAT0/0/0: process started
*Dec 23 16:10:56.907: CHAT0/0/0: Asserting DTR
*Dec 23 16:10:56.907: TTY0/0/0: no timer type 1 to destroy
*Dec 23 16:10:56.907: TTY0/0/0: no timer type 0 to destroy
*Dec 23 16:10:56.907: TTY0/0/0: no timer type 2 to destroy
*Dec 23 16:10:57.063: TTY0/0/0: DSR was dropped
*Dec 23 16:10:57.063: tty0/0/0: Modem: READY->(unknown).
*Dec 23 16:10:58.063: TTY0/0/0: dropping DTR, hanging up
*Dec 23 16:10:58.063: TTY0/0/0: Async Int reset: Dropping DTR
For reference, here is the rest of the configuration:
interface Cellular0/0/0
ip address negotiated
encapsulation slip
dialer in-band
dialer idle-timeout 0
dialer string modem
dialer-group 1
async mode interactive
end
ip route 0.0.0.0 0.0.0.0 Cellular0/0/0
dialer-list 1 protocol ip permit
line 0/0/0
exec-timeout 0 0
script dialer modem
modem InOut
no exec
Any suggestions much appreciated.
Many thanks,
Jonny
For anyone who is interested, below is my working solution. The trick was to create a dialer interface with PPP encpasulation and join it to the cellular interface which has SLIP encapsulation:
ip dhcp pool LAN
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 8.8.8.8 8.8.4.4
chat-script lte "" "AT!CALL1" TIMEOUT 30 "OK"
interface GigabitEthernet0/0
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
interface Cellular0/0/0
ip address negotiated
ip nat outside
ip virtual-reassembly in
encapsulation slip
dialer in-band
dialer pool-member 1
dialer-group 1
async mode interactive
routing dynamic
interface Dialer1
ip address negotiated
ip nat outside
ip virtual-reassembly in
encapsulation ppp
dialer pool 1
dialer idle-timeout 0
dialer string lte
dialer persistent
dialer-group 1
ppp authentication pap callin
ppp pap sent-username o2web password 0 password
ppp ipcp dns request
ip nat inside source list 1 interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 Dialer1
access-list 1 permit ip any
dialer-list 1 protocol ip permit
line 0/0/0
script dialer lte
modem InOut
no exec
transport input all
transport output all
rxspeed 100000000 <-- Max LTE download speed populated automatically
txspeed 50000000 <-- Max LTE upload speed populated automatically
As you can see the 10.x address assigned by o2 goes onto the Dialer interface instead:
GigabitEthernet0/0 192.168.1.1 YES NVRAM up up
Cellular0/0/0 unassigned YES NVRAM up up
Cellular0/0/1 unassigned YES unset down down
Cellular0/0/2 unassigned YES unset down down
Cellular0/0/3 unassigned YES unset down down
Dialer1 10.65.98.14 YES IPCP up up
NVI0 192.168.1.1 YES unset up up
These lines are also required but are the same as before:
#cellular 0/0/0 lte profile create 1 mobile.o2.co.uk pap o2web password ipv4
#cellular 0/0/1 lte profile create 1 mobile.o2.co.uk pap o2web password ipv4 <-- Necessary for some reason
#(config)interface cellular 0/0/0
#(config-if)#no shutdown
#(config)interface cellular 0/0/1
#(config-if)#shutdown
Similar Messages
-
EHWIC-4G-LTE-V only connects via 1xRTT
I've got an EHWIC-4G-LTE-V card in a 2921 router and am only able to connect via 1xRTT. Can someone take a look at the output below and provide some insight as to why I can't connect via LTE? Thank you.
BroadbandLabv233#sho cell 0/0/0 all
Hardware Information
====================
Modem Firmware Version = SWI9600M_03.05.10.06
Modem Firmware built = 2012/11/12 15:07:45
Hardware Version = 10
Integrated Circuit Card ID (ICCID) = 89148000001035643492
Mobile Station Identifier (MSID) : 9802145106
Electronic Serial Number (ESN) = 0x8028B8D1 [12802668753]
Preferred Roaming List (PRL) Version = 0
Profile Information
====================
Profile 1 = INACTIVE **
PDP Type = IPv4
Access Point Name (APN) =
Authentication = None
Username:
Password:
Profile 3 = ACTIVE*
PDP Type = IPv4
PDP address = 166.251.23.6
Access Point Name (APN) = SO01.VZWSTATIC
Authentication = None
Username:
Password:
Primary DNS address = 198.224.183.135
Secondary DNS address = 198.224.182.135
* - Default profile
** - LTE attach profile
Data Connection Information
===========================
Data Transmitted = 5428 bytes, Received = 0 bytes
Profile 1, Packet Session Status = INACTIVE
Inactivity Reason = Unknown
Profile 2, Packet Session Status = INACTIVE
Inactivity Reason = Unknown
Profile 3, Packet Session Status = ACTIVE
IP address = 166.251.23.6
Primary DNS address = 198.224.183.135
Secondary DNS address = 198.224.182.135
Profile 4, Packet Session Status = INACTIVE
Inactivity Reason = Unknown
Profile 5, Packet Session Status = INACTIVE
Inactivity Reason = Unknown
Profile 6, Packet Session Status = INACTIVE
Inactivity Reason = Unknown
Network Information
===================
Current Service = Packet switched
Current System Identifier (SID) = 139
Current Network Identifier (NID) = 65535
Current Service Status = Normal
Packet switch domain(PS) state = Attached
Registration state = Registered
Radio Information
=================
1xRTT related info
Current RSSI = -77 dBm
Radio power mode = ON
LTE Technology Preference = AUTO
LTE Technology Selected = eHRPD(1xRTT)
Modem Security Information
==========================
Card Holder Verification (CHV1) = Disabled
SIM Status = OK
SIM User Operation Required = None
Number of CHV1 Retries remaining = 3
GPS Information
==========================
GPS Info
GPS Feature: enabled
GPS Port Selected: Dedicated GPS port
GPS State: GPS disabled
SMS Information
===============
Incoming Message Information
SMS stored in modem = 0
SMS archived since booting up = 0
Total SMS deleted since booting up = 0
Storage records allocated = 25
Storage records used = 0
Number of callbacks triggered by SMS = 0
Number of successful archive since booting up = 0
Number of failed archive since booting up = 0
Outgoing Message Information
Total SMS sent successfully = 0
Total SMS send failure = 0
Number of outgoing SMS pending = 0
Number of successful archive since booting up = 0
Number of failed archive since booting up = 0
Last Outgoing SMS Status = SUCCESS
Copy-to-SIM Status = 0x0
Send-to-Network Status = 0x0
Report-Outgoing-Message-Number:
Reference Number = 0
Result Code = 0x0
Diag Code = 0x0 0x0 0x0 0x0 0x0
SMS Archive URL =
Error Information
=================
This command is not supported on 4G modems.
Modem Crashdump Information
===========================
Modem crashdump logging: off
BroadbandLabv233#sho run
Building configuration...
Current configuration : 10686 bytes
! Last configuration change at 19:39:23 UTC Wed Aug 20 2014 by @dm1n
version 15.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname BroadbandLabv233
boot-start-marker
boot system flash:c2900-universalk9-mz.SPA.153-3.M2.bin
boot-end-marker
logging buffered 4096 informational
logging console informational
no aaa new-model
ip flow-cache timeout active 1
ip domain name aaanet.com
ip cef
no ipv6 cef
multilink bundle-name authenticated
chat-script lte "" "AT!CALL1" TIMEOUT 20 "OK"
license boot module c2900 technology-package securityk9
license boot module c2900 technology-package datak9
redundancy
controller Cellular 0/0
track 100 ip sla 100 reachability
delay down 10 up 20
class-map type inspect match-any INSPECT-TO-ROUTER-CLASS
match access-group name INSPECT-TO-ROUTER-ACL
class-map type inspect match-any INSPECT-FROM-ROUTER-CLASS
match access-group name INSPECT-FROM-ROUTER-ACL
class-map type inspect match-any INSPECT-INSIDE-TO-OUTSIDE-CLASS
match protocol ftp
match protocol tcp
match protocol udp
match protocol icmp
class-map type inspect match-any PASS-TO-ROUTER-CLASS
match access-group name PASS-TO-ROUTER-ACL
class-map type inspect match-any PASS-FROM-ROUTER-CLASS
match access-group name PASS-FROM-ROUTER-ACL
policy-map type inspect INSIDE-TO-OUTSIDE-POLICY
class type inspect INSPECT-INSIDE-TO-OUTSIDE-CLASS
inspect
class class-default
drop log
policy-map type inspect TO-ROUTER-POLICY
class type inspect INSPECT-TO-ROUTER-CLASS
inspect
class type inspect PASS-TO-ROUTER-CLASS
pass
class class-default
drop log
policy-map type inspect FROM-ROUTER-POLICY
class type inspect INSPECT-FROM-ROUTER-CLASS
inspect
class type inspect PASS-FROM-ROUTER-CLASS
pass
class class-default
drop log
zone security INSIDE
description internal interfaces
zone security OUTSIDE
description external interfaces
zone-pair security INSIDE-TO-OUTSIDE source INSIDE destination OUTSIDE
service-policy type inspect INSIDE-TO-OUTSIDE-POLICY
zone-pair security FROM-ROUTER source self destination OUTSIDE
service-policy type inspect FROM-ROUTER-POLICY
zone-pair security TO-ROUTER source OUTSIDE destination self
service-policy type inspect TO-ROUTER-POLICY
crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp policy 2
encr aes
authentication pre-share
group 5
crypto isakmp key <removed> address <removed>
crypto isakmp keepalive 10 periodic
crypto isakmp aggressive-mode disable
crypto ipsec transform-set HQ-vpn esp-3des esp-md5-hmac
mode tunnel
crypto map Branch-VPN-Policy 10 ipsec-isakmp
description VPN Tunnel to AAA-HQ
set peer <removed>
set transform-set HQ-vpn
match address Remote-HQ-acl
interface Loopback0
ip address <removed> 255.255.255.255
interface Tunnel0
bandwidth 512
ip address <removed>
ip flow ingress
ip flow egress
zone-member security INSIDE
ip tcp adjust-mss 1380
ip ospf cost 150
shutdown
tunnel source GigabitEthernet0/1
tunnel mode ipip
tunnel destination <removed>
interface Tunnel1
bandwidth 512
ip address <removed>
ip flow ingress
ip flow egress
zone-member security INSIDE
ip tcp adjust-mss 1380
ip ospf cost 150
tunnel source Cellular0/0/0
tunnel mode ipip
tunnel destination <removed>
interface Embedded-Service-Engine0/0
no ip address
shutdown
interface GigabitEthernet0/0
no ip address
duplex auto
speed auto
interface GigabitEthernet0/0.10
description Data Network
encapsulation dot1Q 10
ip address <removed>
ip flow ingress
ip flow egress
ip nat inside
ip virtual-reassembly in
zone-member security INSIDE
interface GigabitEthernet0/0.20
description Voice Network
encapsulation dot1Q 20
ip address <removed>
ip flow ingress
ip flow egress
zone-member security INSIDE
interface GigabitEthernet0/0.40
description Management
encapsulation dot1Q 40
ip address <removed>
ip flow ingress
ip flow egress
zone-member security INSIDE
interface GigabitEthernet0/1
bandwidth 50000
ip address <removed>
no ip unreachables
ip flow ingress
ip flow egress
ip nat outside
no ip virtual-reassembly in
zone-member security OUTSIDE
shutdown
duplex auto
speed auto
pppoe enable group global
crypto map Branch-VPN-Policy
interface GigabitEthernet0/2
no ip address
duplex auto
speed auto
interface Cellular0/0/0
ip address negotiated
ip access-group NO-BOUNCE out
ip flow ingress
ip flow egress
ip nat outside
ip virtual-reassembly in
zone-member security OUTSIDE
encapsulation slip
ip tcp adjust-mss 1000
dialer in-band
dialer idle-timeout 0
dialer string lte
dialer-group 1
async mode interactive
crypto map Branch-VPN-Policy
router ospf 100
network <removed> area <removed>
network <removed> area <removed>
network <removed> area <removed>
ip local policy route-map sla-route
ip forward-protocol nd
no ip http server
no ip http secure-server
ip flow-export source Loopback0
ip flow-export destination <removed> 2055
ip nat inside source route-map Broadband-NAT interface GigabitEthernet0/1 overload
ip nat inside source route-map Cell-NAT interface Cellular0/0/0 overload
ip route 0.0.0.0 0.0.0.0 <removed> track 100
ip route <removed> track 100
ip route 0.0.0.0 0.0.0.0 Cellular0/0/0 10
ip route <removed> Cellular0/0/0 10
ip route <removed> Tunnel0
ip route <removed> Tunnel1
ip access-list extended INSPECT-FROM-ROUTER-ACL
permit udp any any eq isakmp
permit icmp any any
permit udp <removed> any eq syslog
ip access-list extended INSPECT-TO-ROUTER-ACL
permit icmp any any echo
ip access-list extended NAT
permit ip <removed> any
ip access-list extended NO-BOUNCE
permit ip host <removed> any
deny ip any any log
ip access-list extended PASS-FROM-ROUTER-ACL
permit udp any eq bootpc any eq bootps
permit esp any any
permit ip host <removed> host <removed>
permit ip host <removed> host <removed>
ip access-list extended PASS-TO-ROUTER-ACL
permit udp any eq bootps any eq bootpc
permit esp any any
permit ip host <removed> host <removed>
permit ip host <removed> host <removed>
ip access-list extended Remote-HQ-acl
permit ip host <removed> host <removed>
permit ip host <removed> host <removed>
permit ip host <removed> host <removed>
permit ip host <removed> host <removed>
ip access-list extended sla-packets
permit ip host <removed> host 8.8.8.8
ip sla auto discovery
ip sla 100
icmp-echo 8.8.8.8 source-interface GigabitEthernet0/1
frequency 10
ip sla schedule 100 life forever start-time now
logging source-interface Loopback0
dialer-list 1 protocol ip list 1
route-map Broadband-NAT permit 10
match ip address NAT
match interface GigabitEthernet0/1
route-map sla-route permit 10
match ip address sla-packets
set ip next-hop <removed>
set interface Null0
route-map Cell-NAT permit 10
match ip address NAT
match interface Cellular0/0/0
snmp-server enable traps vstack operation
access-list 1 permit <removed>
control-plane
line con 0
login local
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output lat pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line 0/0/0
script dialer lte
modem InOut
no exec
speed 144000
line vty 0 4
login local
transport input all
scheduler allocate 20000 1000
ntp update-calendar
ntp server 10.10.32.179
ntp server 10.10.32.180
event manager session cli username "<removed>"
event manager applet Primary_INET_Down
event track 100 state down maxrun 90
action 1.0 syslog msg "Ping has failed, Primary circuit unable to reach internet!"
action 1.1 cli command "enable"
action 1.2 cli command "configure terminal"
action 1.3 syslog msg "shutting broadband tunnel0"
action 1.4 cli command "interface tunnel 0"
action 1.5 cli command "shutdown"
action 1.6 syslog msg "Clearing crypto"
action 1.7 cli command "do clear crypto session"
action 1.8 cli command "do clear crypto sa"
action 1.9 cli command "do clear crypto isakmp"
action 2.0 syslog msg "clearing route table"
action 2.1 cli command "do clear ip route *"
action 2.2 syslog msg "clearing NAT translations"
action 2.3 cli command "do clear ip nat translation *"
action 2.4 cli command "do clear ip nat translation forced"
action 2.5 syslog msg "enabling 4G card and tunnel1"
action 2.6 cli command "interface cellular 0/0/0"
action 2.7 cli command "no shutdown"
action 2.8 cli command "interface tunnel1"
action 2.9 cli command "no shutdown"
action 3.1 syslog msg "End of script. 4G enabled!"
event manager applet Primary_INET_Recovered
event track 100 state up maxrun 90
action 1.0 syslog msg "Broadband ping has recovered, shutting down 4G card and tunnel1 to limit data usage!"
action 1.1 cli command "enable"
action 1.2 cli command "configure terminal"
action 1.3 cli command "interface cellular 0/0/0"
action 1.4 cli command "shutdown"
action 1.5 cli command "interface tunnel 1"
action 1.6 cli command "shutdown"
action 1.7 syslog msg "clearing crypto"
action 1.8 cli command "do clear crypto session"
action 1.9 cli command "do clear crypto sa"
action 2.0 cli command "do clear crypto isakmp"
action 2.1 syslog msg "clearing route table"
action 2.2 cli command "do clear ip route *"
action 2.3 syslog msg "clearing NAT translations"
action 2.4 cli command "do clear ip nat translation *"
action 2.5 cli command "do clear ip nat translation forced"
action 2.6 syslog msg "enabling broadband tunnel0"
action 2.7 cli command "interface tunnel0"
action 2.8 cli command "no shutdown"
action 2.9 cli command "exit"
action 3.0 syslog msg "End of script. Broadband enabled."I've got an EHWIC-4G-LTE-V card in a 2921 router and am only able to connect via 1xRTT. Can someone take a look at the output below and provide some insight as to why I can't connect via LTE? Thank you.
BroadbandLabv233#sho cell 0/0/0 all
Hardware Information
====================
Modem Firmware Version = SWI9600M_03.05.10.06
Modem Firmware built = 2012/11/12 15:07:45
Hardware Version = 10
Integrated Circuit Card ID (ICCID) = 89148000001035643492
Mobile Station Identifier (MSID) : 9802145106
Electronic Serial Number (ESN) = 0x8028B8D1 [12802668753]
Preferred Roaming List (PRL) Version = 0
Profile Information
====================
Profile 1 = INACTIVE **
PDP Type = IPv4
Access Point Name (APN) =
Authentication = None
Username:
Password:
Profile 3 = ACTIVE*
PDP Type = IPv4
PDP address = 166.251.23.6
Access Point Name (APN) = SO01.VZWSTATIC
Authentication = None
Username:
Password:
Primary DNS address = 198.224.183.135
Secondary DNS address = 198.224.182.135
* - Default profile
** - LTE attach profile
Data Connection Information
===========================
Data Transmitted = 5428 bytes, Received = 0 bytes
Profile 1, Packet Session Status = INACTIVE
Inactivity Reason = Unknown
Profile 2, Packet Session Status = INACTIVE
Inactivity Reason = Unknown
Profile 3, Packet Session Status = ACTIVE
IP address = 166.251.23.6
Primary DNS address = 198.224.183.135
Secondary DNS address = 198.224.182.135
Profile 4, Packet Session Status = INACTIVE
Inactivity Reason = Unknown
Profile 5, Packet Session Status = INACTIVE
Inactivity Reason = Unknown
Profile 6, Packet Session Status = INACTIVE
Inactivity Reason = Unknown
Network Information
===================
Current Service = Packet switched
Current System Identifier (SID) = 139
Current Network Identifier (NID) = 65535
Current Service Status = Normal
Packet switch domain(PS) state = Attached
Registration state = Registered
Radio Information
=================
1xRTT related info
Current RSSI = -77 dBm
Radio power mode = ON
LTE Technology Preference = AUTO
LTE Technology Selected = eHRPD(1xRTT)
Modem Security Information
==========================
Card Holder Verification (CHV1) = Disabled
SIM Status = OK
SIM User Operation Required = None
Number of CHV1 Retries remaining = 3
GPS Information
==========================
GPS Info
GPS Feature: enabled
GPS Port Selected: Dedicated GPS port
GPS State: GPS disabled
SMS Information
===============
Incoming Message Information
SMS stored in modem = 0
SMS archived since booting up = 0
Total SMS deleted since booting up = 0
Storage records allocated = 25
Storage records used = 0
Number of callbacks triggered by SMS = 0
Number of successful archive since booting up = 0
Number of failed archive since booting up = 0
Outgoing Message Information
Total SMS sent successfully = 0
Total SMS send failure = 0
Number of outgoing SMS pending = 0
Number of successful archive since booting up = 0
Number of failed archive since booting up = 0
Last Outgoing SMS Status = SUCCESS
Copy-to-SIM Status = 0x0
Send-to-Network Status = 0x0
Report-Outgoing-Message-Number:
Reference Number = 0
Result Code = 0x0
Diag Code = 0x0 0x0 0x0 0x0 0x0
SMS Archive URL =
Error Information
=================
This command is not supported on 4G modems.
Modem Crashdump Information
===========================
Modem crashdump logging: off
BroadbandLabv233#sho run
Building configuration...
Current configuration : 10686 bytes
! Last configuration change at 19:39:23 UTC Wed Aug 20 2014 by @dm1n
version 15.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname BroadbandLabv233
boot-start-marker
boot system flash:c2900-universalk9-mz.SPA.153-3.M2.bin
boot-end-marker
logging buffered 4096 informational
logging console informational
no aaa new-model
ip flow-cache timeout active 1
ip domain name aaanet.com
ip cef
no ipv6 cef
multilink bundle-name authenticated
chat-script lte "" "AT!CALL1" TIMEOUT 20 "OK"
license boot module c2900 technology-package securityk9
license boot module c2900 technology-package datak9
redundancy
controller Cellular 0/0
track 100 ip sla 100 reachability
delay down 10 up 20
class-map type inspect match-any INSPECT-TO-ROUTER-CLASS
match access-group name INSPECT-TO-ROUTER-ACL
class-map type inspect match-any INSPECT-FROM-ROUTER-CLASS
match access-group name INSPECT-FROM-ROUTER-ACL
class-map type inspect match-any INSPECT-INSIDE-TO-OUTSIDE-CLASS
match protocol ftp
match protocol tcp
match protocol udp
match protocol icmp
class-map type inspect match-any PASS-TO-ROUTER-CLASS
match access-group name PASS-TO-ROUTER-ACL
class-map type inspect match-any PASS-FROM-ROUTER-CLASS
match access-group name PASS-FROM-ROUTER-ACL
policy-map type inspect INSIDE-TO-OUTSIDE-POLICY
class type inspect INSPECT-INSIDE-TO-OUTSIDE-CLASS
inspect
class class-default
drop log
policy-map type inspect TO-ROUTER-POLICY
class type inspect INSPECT-TO-ROUTER-CLASS
inspect
class type inspect PASS-TO-ROUTER-CLASS
pass
class class-default
drop log
policy-map type inspect FROM-ROUTER-POLICY
class type inspect INSPECT-FROM-ROUTER-CLASS
inspect
class type inspect PASS-FROM-ROUTER-CLASS
pass
class class-default
drop log
zone security INSIDE
description internal interfaces
zone security OUTSIDE
description external interfaces
zone-pair security INSIDE-TO-OUTSIDE source INSIDE destination OUTSIDE
service-policy type inspect INSIDE-TO-OUTSIDE-POLICY
zone-pair security FROM-ROUTER source self destination OUTSIDE
service-policy type inspect FROM-ROUTER-POLICY
zone-pair security TO-ROUTER source OUTSIDE destination self
service-policy type inspect TO-ROUTER-POLICY
crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp policy 2
encr aes
authentication pre-share
group 5
crypto isakmp key <removed> address <removed>
crypto isakmp keepalive 10 periodic
crypto isakmp aggressive-mode disable
crypto ipsec transform-set HQ-vpn esp-3des esp-md5-hmac
mode tunnel
crypto map Branch-VPN-Policy 10 ipsec-isakmp
description VPN Tunnel to AAA-HQ
set peer <removed>
set transform-set HQ-vpn
match address Remote-HQ-acl
interface Loopback0
ip address <removed> 255.255.255.255
interface Tunnel0
bandwidth 512
ip address <removed>
ip flow ingress
ip flow egress
zone-member security INSIDE
ip tcp adjust-mss 1380
ip ospf cost 150
shutdown
tunnel source GigabitEthernet0/1
tunnel mode ipip
tunnel destination <removed>
interface Tunnel1
bandwidth 512
ip address <removed>
ip flow ingress
ip flow egress
zone-member security INSIDE
ip tcp adjust-mss 1380
ip ospf cost 150
tunnel source Cellular0/0/0
tunnel mode ipip
tunnel destination <removed>
interface Embedded-Service-Engine0/0
no ip address
shutdown
interface GigabitEthernet0/0
no ip address
duplex auto
speed auto
interface GigabitEthernet0/0.10
description Data Network
encapsulation dot1Q 10
ip address <removed>
ip flow ingress
ip flow egress
ip nat inside
ip virtual-reassembly in
zone-member security INSIDE
interface GigabitEthernet0/0.20
description Voice Network
encapsulation dot1Q 20
ip address <removed>
ip flow ingress
ip flow egress
zone-member security INSIDE
interface GigabitEthernet0/0.40
description Management
encapsulation dot1Q 40
ip address <removed>
ip flow ingress
ip flow egress
zone-member security INSIDE
interface GigabitEthernet0/1
bandwidth 50000
ip address <removed>
no ip unreachables
ip flow ingress
ip flow egress
ip nat outside
no ip virtual-reassembly in
zone-member security OUTSIDE
shutdown
duplex auto
speed auto
pppoe enable group global
crypto map Branch-VPN-Policy
interface GigabitEthernet0/2
no ip address
duplex auto
speed auto
interface Cellular0/0/0
ip address negotiated
ip access-group NO-BOUNCE out
ip flow ingress
ip flow egress
ip nat outside
ip virtual-reassembly in
zone-member security OUTSIDE
encapsulation slip
ip tcp adjust-mss 1000
dialer in-band
dialer idle-timeout 0
dialer string lte
dialer-group 1
async mode interactive
crypto map Branch-VPN-Policy
router ospf 100
network <removed> area <removed>
network <removed> area <removed>
network <removed> area <removed>
ip local policy route-map sla-route
ip forward-protocol nd
no ip http server
no ip http secure-server
ip flow-export source Loopback0
ip flow-export destination <removed> 2055
ip nat inside source route-map Broadband-NAT interface GigabitEthernet0/1 overload
ip nat inside source route-map Cell-NAT interface Cellular0/0/0 overload
ip route 0.0.0.0 0.0.0.0 <removed> track 100
ip route <removed> track 100
ip route 0.0.0.0 0.0.0.0 Cellular0/0/0 10
ip route <removed> Cellular0/0/0 10
ip route <removed> Tunnel0
ip route <removed> Tunnel1
ip access-list extended INSPECT-FROM-ROUTER-ACL
permit udp any any eq isakmp
permit icmp any any
permit udp <removed> any eq syslog
ip access-list extended INSPECT-TO-ROUTER-ACL
permit icmp any any echo
ip access-list extended NAT
permit ip <removed> any
ip access-list extended NO-BOUNCE
permit ip host <removed> any
deny ip any any log
ip access-list extended PASS-FROM-ROUTER-ACL
permit udp any eq bootpc any eq bootps
permit esp any any
permit ip host <removed> host <removed>
permit ip host <removed> host <removed>
ip access-list extended PASS-TO-ROUTER-ACL
permit udp any eq bootps any eq bootpc
permit esp any any
permit ip host <removed> host <removed>
permit ip host <removed> host <removed>
ip access-list extended Remote-HQ-acl
permit ip host <removed> host <removed>
permit ip host <removed> host <removed>
permit ip host <removed> host <removed>
permit ip host <removed> host <removed>
ip access-list extended sla-packets
permit ip host <removed> host 8.8.8.8
ip sla auto discovery
ip sla 100
icmp-echo 8.8.8.8 source-interface GigabitEthernet0/1
frequency 10
ip sla schedule 100 life forever start-time now
logging source-interface Loopback0
dialer-list 1 protocol ip list 1
route-map Broadband-NAT permit 10
match ip address NAT
match interface GigabitEthernet0/1
route-map sla-route permit 10
match ip address sla-packets
set ip next-hop <removed>
set interface Null0
route-map Cell-NAT permit 10
match ip address NAT
match interface Cellular0/0/0
snmp-server enable traps vstack operation
access-list 1 permit <removed>
control-plane
line con 0
login local
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output lat pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line 0/0/0
script dialer lte
modem InOut
no exec
speed 144000
line vty 0 4
login local
transport input all
scheduler allocate 20000 1000
ntp update-calendar
ntp server 10.10.32.179
ntp server 10.10.32.180
event manager session cli username "<removed>"
event manager applet Primary_INET_Down
event track 100 state down maxrun 90
action 1.0 syslog msg "Ping has failed, Primary circuit unable to reach internet!"
action 1.1 cli command "enable"
action 1.2 cli command "configure terminal"
action 1.3 syslog msg "shutting broadband tunnel0"
action 1.4 cli command "interface tunnel 0"
action 1.5 cli command "shutdown"
action 1.6 syslog msg "Clearing crypto"
action 1.7 cli command "do clear crypto session"
action 1.8 cli command "do clear crypto sa"
action 1.9 cli command "do clear crypto isakmp"
action 2.0 syslog msg "clearing route table"
action 2.1 cli command "do clear ip route *"
action 2.2 syslog msg "clearing NAT translations"
action 2.3 cli command "do clear ip nat translation *"
action 2.4 cli command "do clear ip nat translation forced"
action 2.5 syslog msg "enabling 4G card and tunnel1"
action 2.6 cli command "interface cellular 0/0/0"
action 2.7 cli command "no shutdown"
action 2.8 cli command "interface tunnel1"
action 2.9 cli command "no shutdown"
action 3.1 syslog msg "End of script. 4G enabled!"
event manager applet Primary_INET_Recovered
event track 100 state up maxrun 90
action 1.0 syslog msg "Broadband ping has recovered, shutting down 4G card and tunnel1 to limit data usage!"
action 1.1 cli command "enable"
action 1.2 cli command "configure terminal"
action 1.3 cli command "interface cellular 0/0/0"
action 1.4 cli command "shutdown"
action 1.5 cli command "interface tunnel 1"
action 1.6 cli command "shutdown"
action 1.7 syslog msg "clearing crypto"
action 1.8 cli command "do clear crypto session"
action 1.9 cli command "do clear crypto sa"
action 2.0 cli command "do clear crypto isakmp"
action 2.1 syslog msg "clearing route table"
action 2.2 cli command "do clear ip route *"
action 2.3 syslog msg "clearing NAT translations"
action 2.4 cli command "do clear ip nat translation *"
action 2.5 cli command "do clear ip nat translation forced"
action 2.6 syslog msg "enabling broadband tunnel0"
action 2.7 cli command "interface tunnel0"
action 2.8 cli command "no shutdown"
action 2.9 cli command "exit"
action 3.0 syslog msg "End of script. Broadband enabled." -
1921 and EHWIC-4G-LTE-V Failures On Connecting LAN
I am running into an issue regarding usage of a 1921 (15.3(2)T) and EHWIC-4G-LTE-V (firmware SWI9600M_03.05.10.06).
With the EHWIC installed in the router, I am able to establish a data connection on the Verizon LTE network. RSSI approx -64 consistently.
However, the oddities begin when I connect the LAN (or a laptop, for troubleshooting purposes) to the internal interface (Gig 0/1).
Output when no other devices connected to the router
===============================================
arch-eng-router1#ping 4.2.2.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.2.2.1, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 40/80/224 ms
Profile Information
====================
Profile 1 = ACTIVE*
PDP Type = IPv4
PDP address = 10.172.240.7
Access Point Name (APN) = VZWINTERNET
Authentication = None
Username:
Password:
Primary DNS address = 198.224.169.135
Secondary DNS address = 198.224.170.135
* - Default profile
Output when another device is connected to the router
================================================
[Note: 'debug dialer' and 'debug chat' enabled for output]
*Jul 10 03:34:04.643: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to up
*Jul 10 03:34:05.643: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to up
*Jul 10 03:34:09.779: %LINK-5-CHANGED: Interface Cellular0/0/0, changed state to reset
*Jul 10 03:34:09.779: Ce0/0/0 DDR: has total 0 call(s), dial_out 0, dial_in 0
*Jul 10 03:34:09.779: %DIALER-6-UNBIND: Interface Ce0/0/0 unbound from profile Di1
*Jul 10 03:34:09.783: Di1 DDR: No free dialer - starting fast idle timer
*Jul 10 03:34:10.207: Di1: No free dialer - starting fast idle timer
*Jul 10 03:34:10.207: Di1: No free dialer - starting fast idle timer
*Jul 10 03:34:10.211: Di1: No free dialer - starting fast idle timer
*Jul 10 03:34:10.211: Di1: No free dialer - starting fast idle timer
*Jul 10 03:34:10.779: %LINEPROTO-5-UPDOWN: Line protocol on Interface Cellular0/0/0, changed state to down
*Jul 10 03:34:10.783: Di1 DDR: No free dialer - starting fast idle timer
*Jul 10 03:34:11.551: Di1: No free dialer - starting fast idle timer
*Jul 10 03:34:11.551: Di1: No free dialer - starting fast idle timer
*Jul 10 03:34:11.551: Di1: No free dialer - starting fast idle timer
*Jul 10 03:34:11.783: Di1 DDR: No free dialer - starting fast idle timer
*Jul 10 03:34:12.551: Di1: No free dialer - starting fast idle timer
*Jul 10 03:34:12.551: Di1: No free dialer - starting fast idle timer
*Jul 10 03:34:12.551: Di1: No free dialer - starting fast idle timer
*Jul 10 03:34:12.783: Di1 DDR: No free dialer - starting fast idle timer
*Jul 10 03:34:13.551: Di1: No free dialer - starting fast idle timer
*Jul 10 03:34:13.551: Di1: No free dialer - starting fast idle timer
*Jul 10 03:34:13.551: Di1: No free dialer - starting fast idle timer
*Jul 10 03:34:13.551: Di1: No free dialer - starting fast idle timer
*Jul 10 03:34:13.551: Di1: No free dialer - starting fast idle timer
*Jul 10 03:34:13.551: Di1: No free dialer - starting fast idle timer
*Jul 10 03:34:13.551: Di1: No free dialer - starting fast idle timer
*Jul 10 03:34:13.551: Di1: No free dialer - starting fast idle timer
*Jul 10 03:34:13.551: Di1: No free dialer - starting fast idle timer
*Jul 10 03:34:13.783: Di1 DDR: No free dialer - starting fast idle timer
*Jul 10 03:34:14.207: Di1: No free dialer - starting fast idle timer
*Jul 10 03:34:14.211: Di1: No free dialer - starting fast idle timer
*Jul 10 03:34:14.211: Di1: No free dialer - starting fast idle timer
*Jul 10 03:34:14.211: Di1: No free dialer - starting fast idle timer
*Jul 10 03:34:14.779: %LINK-3-UPDOWN: Interface Cellular0/0/0, changed state to down
*Jul 10 03:34:14.783: Di1 DDR: No free dialer - starting fast idle timer
*Jul 10 03:34:15.551: Di1: No free dialer - starting fast idle timer
*Jul 10 03:34:15.551: Di1: No free dialer - starting fast idle timer
*Jul 10 03:34:15.551: Di1: No free dialer - starting fast idle timer
*Jul 10 03:34:15.551: Di1: No free dialer - starting fast idle timer
*Jul 10 03:34:15.551: Di1: No free dialer - starting fast idle timer
*Jul 10 03:34:15.551: Di1: No free dialer - starting fast idle timer
*Jul 10 03:34:15.783: Di1 DDR: No free dialer - starting fast idle timer
*Jul 10 03:34:15.795: Di1: No free dialer - starting fast idle timer
*Jul 10 03:34:15.799: Di1: No free dialer - starting fast idle timer
*Jul 10 03:34:16.783: Di1 DDR: No free dialer - starting fast idle timer
*Jul 10 03:34:16.795: Di1: No free dialer - starting fast idle timer
*Jul 10 03:34:16.799: Di1: No free dialer - starting fast idle timer
*Jul 10 03:34:17.783: Di1 DDR: No free dialer - starting fast idle timer
*Jul 10 03:34:17.795: Di1: No free dialer - starting fast idle timer
*Jul 10 03:34:17.799: Di1: No free dialer - starting fast idle timer
*Jul 10 03:34:18.783: Di1 DDR: No free dialer - starting fast idle timer
*Jul 10 03:34:19.551: Di1: No free dialer - starting fast idle timer
*Jul 10 03:34:19.551: Di1: No free dialer - starting fast idle timer
*Jul 10 03:34:19.551: Di1: No free dialer - starting fast idle timer
*Jul 10 03:34:19.551: Di1: No free dialer - starting fast idle timer
*Jul 10 03:34:19.551: Di1: No free dialer - starting fast idle timer
*Jul 10 03:34:19.551: Di1: No free dialer - starting fast idle timer
*Jul 10 03:34:19.783: Di1 DDR: No free dialer - starting fast idle timer
*Jul 10 03:34:19.795: Di1: No free dialer - starting fast idle timer
*Jul 10 03:34:19.795: Di1: No free dialer - starting fast idle timer
*Jul 10 03:34:19.799: Di1: No free dialer - starting fast idle timer
*Jul 10 03:34:19.799: Di1: No free dialer - starting fast idle timer
*Jul 10 03:34:20.771: Di1: No free dialer - starting fast idle timer
*Jul 10 03:34:20.783: Di1 DDR: No free dialer - starting fast idle timer
*Jul 10 03:34:21.775: Di1: No free dialer - starting fast idle timer
*Jul 10 03:34:21.783: Di1 DDR: No free dialer - starting fast idle timer
*Jul 10 03:34:22.775: Di1: No free dialer - starting fast idle timer
*Jul 10 03:34:22.783: Di1 DDR: No free dialer - starting fast idle timer
*Jul 10 03:34:23.783: Di1 DDR: No free dialer - starting fast idle timer
*Jul 10 03:34:23.795: Di1: No free dialer - starting fast idle timer
*Jul 10 03:34:23.795: Di1: No free dialer - starting fast idle timer
*Jul 10 03:34:23.799: Di1: No free dialer - starting fast idle timer
*Jul 10 03:34:23.799: Di1: No free dialer - starting fast idle timer
*Jul 10 03:34:24.775: Di1: No free dialer - starting fast idle timer
*Jul 10 03:34:24.775: Di1: No free dialer - starting fast idle timer
*Jul 10 03:34:24.779: Ce0/0/0 DDR: re-enable timeout
*Jul 10 03:34:24.783: Ce0/0/0 DDR: rotor dialout [best] least recent failure is also most recent failure
*Jul 10 03:34:24.783: Ce0/0/0 DDR: rotor dialout [best] also has most recent failure
*Jul 10 03:34:24.783: Ce0/0/0 DDR: rotor dialout [best]
*Jul 10 03:34:24.783: Di1 DDR: Nailing up the Dialer profile [attempt 16]
*Jul 10 03:34:24.783: Di1 DDR: Dialer dialing - persistent dialer profile
*Jul 10 03:34:24.783: Ce0/0/0 DDR: Dialing cause Persistent Dialer Profile
*Jul 10 03:34:24.783: Ce0/0/0 DDR: Attempting to dial lte
*Jul 10 03:34:24.783: CHAT0/0/0: Attempting async line dialer script
*Jul 10 03:34:24.783: CHAT0/0/0: Dialing using Modem script: lte & System script: none
*Jul 10 03:34:24.783: CHAT0/0/0: process started
*Jul 10 03:34:24.783: CHAT0/0/0: Asserting DTR
*Jul 10 03:34:24.783: CHAT0/0/0: Chat script lte started
*Jul 10 03:34:24.783: CHAT0/0/0: Sending string: AT!CALL1
*Jul 10 03:34:24.783: CHAT0/0/0: Expecting string: OK
*Jul 10 03:34:25.571: CHAT0/0/0: Completed match for expect: OK
*Jul 10 03:34:25.571: CHAT0/0/0: Chat script lte finished, status = Success
*Jul 10 03:34:26.583: Ce0/0/0 DDR: disconnecting call
*Jul 10 03:34:28.775: Di1: No free dialer - starting fast idle timer
*Jul 10 03:34:28.775: Di1: No free dialer - starting fast idle timer
*Jul 10 03:34:33.999: Di1: No free dialer - starting fast idle timer
*Jul 10 03:34:34.999: Di1: No free dialer - starting fast idle timer
*Jul 10 03:34:37.643: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to down
*Jul 10 03:34:38.643: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to down
*Jul 10 03:34:41.583: Ce0/0/0 DDR: re-enable timeout
*Jul 10 03:34:42.583: Ce0/0/0 DDR: rotor dialout [best] least recent failure is also most recent failure
*Jul 10 03:34:42.583: Ce0/0/0 DDR: rotor dialout [best] also has most recent failure
*Jul 10 03:34:42.583: Ce0/0/0 DDR: rotor dialout [best]
*Jul 10 03:34:42.583: Di1 DDR: Nailing up the Dialer profile [attempt 17]
*Jul 10 03:34:42.583: Di1 DDR: Dialer dialing - persistent dialer profile
*Jul 10 03:34:42.583: Ce0/0/0 DDR: Dialing cause Persistent Dialer Profile
*Jul 10 03:34:42.583: Ce0/0/0 DDR: Attempting to dial lte
*Jul 10 03:34:42.583: CHAT0/0/0: Attempting async line dialer script
*Jul 10 03:34:42.583: CHAT0/0/0: Dialing using Modem script: lte & System script: none
*Jul 10 03:34:42.583: CHAT0/0/0: process started
*Jul 10 03:34:42.583: CHAT0/0/0: Asserting DTR
*Jul 10 03:34:42.583: CHAT0/0/0: Chat script lte started
*Jul 10 03:34:42.583: CHAT0/0/0: Sending string: AT!CALL1
*Jul 10 03:34:42.583: CHAT0/0/0: Expecting string: OK
*Jul 10 03:34:43.671: CHAT0/0/0: Completed match for expect: OK
*Jul 10 03:34:43.671: CHAT0/0/0: Chat script lte finished, status = Success
*Jul 10 03:34:45.671: %LINK-3-UPDOWN: Interface Cellular0/0/0, changed state to up
*Jul 10 03:34:45.671: Ce0/0/0 DDR: Dialer statechange to up
*Jul 10 03:34:45.671: %DIALER-6-BIND: Interface Ce0/0/0 bound to profile Di1
*Jul 10 03:34:45.671: Ce0/0/0 DDR: Dialer call has been placed
*Jul 10 03:34:45.671: Ce0/0/0 DDR: dialer protocol up
*Jul 10 03:34:45.671: Di1 DDR: Persistent Dialer Profile nailed up successfully
*Jul 10 03:34:46.671: %LINEPROTO-5-UPDOWN: Line protocol on Interface Cellular0/0/0, changed state to up
Profile Information
====================
Profile 1 = INACTIVE*
PDP Type = IPv4
Access Point Name (APN) = VZWINTERNET
Authentication = None
Username:
Password:
* - Default profile
arch-eng-router1#ping 4.2.2.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.2.2.1, timeout is 2 seconds:
Success rate is 0 percent (0/5)
Ultimately... once the Ethernet cable is attached, the Cellular 0/0/0 interface resets, attempts to connect, connects, resets, etc... Once the Ethernet cable is disconnected, the Cellular 0/0/0 interface successfully reconnects.
I am not really sure how to further troubleshoot this and was hoping someone in the community would have some additional thoughts on how to proceed.
Thanks so much for your time!I have recently dealt with a similar issue and it was due to NAT not being configured correctly causing the cell card to flop. You really have to NAT all inside traffic regardless of whether is it allowed out or not otherwise Verizon detects it as invalid traffic and drops your cell connection. The blocking of outside traffic to the outside interface should be handled as a "in" ACL on the LAN interface. See some of my config below with some other lines of code I found helpful, tailor to your needs. Let me know how it goes.
ip access-list extended NAT_Traffic
!This is denying any VPN traffic that is outbound on the external interface. If this traffic allows will flop the cell interface.
deny ip any 10.254.254.0 0.0.0.15
!You can modify this to only be the LAN subnets you are actually using but try "any any" just to test.
permit ip any any
ip access-list extended Limited_Internet
!This allows my LAN to communicate with my 10.x.x.x VPN subnets.
permit ip 169.254.0.0 0.0.255.255 10.254.254.0 0.0.0.15
!This allows the one ip address to access the internet and denies all other LAN traffic.
permit ip host 169.254.231.201 any
deny ip 169.254.0.0 0.0.255.255 any
!restrict all traffic except listed below for cell port.
ip access-list extended Secure_Access_In
!I specify the Static IP used but you will have to suit a dynamic IP.
permit tcp any host A.B.C.D eq 22
!Confugure NAT
ip nat inside source list NAT_Traffic interface Cellular0 overload
!Apply ACLs to interfaces
interface Vlan1
!Restricts internet to a limited set of IPs and allows VPN traffic to flow.
ip access-group Limited_Internet in
interface Cellular0
ip access-group Secure_Access_In in
!To allow internet access out from LAN hosts if you have a ACL blocking traffic in on the Cell interface. Always a good idea.
!What to inspect for contect based access control.
ip inspect name INSPECT-IN-OUT tcp
ip inspect name INSPECT-IN-OUT udp
ip inspect name INSPECT-IN-OUT icmp
!where to apply the outgoing CBAC inspection
interface Cellular0
ip inspect INSPECT-IN-OUT out
Hopefully you haven't pulled too much hair out and this helps to fix. -
USB port on Cisco routers to connect 4G datacard
Hello
Can anybody know about the following questions?
1) Which router having USB port on which we can connect 4G datacard for internet connectivity?
2) Is there any inbuild USB port available on 1921-SEC/K9, 2921-SEC/K9, 3925-SEC/K9 routers for connecting 4G datacard for internet connectivity?
3) Is there any WIC card available that will be having USB port for connecting 4G datacard?
Regards,
Mukesh Kumar
Network Engineer
Spooster IT Services1) Which router having USB port on which we can connect 4G datacard for internet connectivity?
None. USB ports do not have adequate capabilities to power up those kinds of devices.
2) Is there any inbuild USB port available on 1921-SEC/K9, 2921-SEC/K9, 3925-SEC/K9 routers for connecting 4G datacard for internet connectivity?
Cisco Fourth-Generation LTE Wireless WAN Enhanced High-Speed WAN Interface Cards Data Sheet
Q&A: Fourth-Generation LTE Wireless WAN Cards for Cisco Integrated Services Routers Generation 2 -
Hi,
we have a Cisco 2921 with two Internet connections:
The primary connection is a DSL link on an EHWIC-VA-DSL-A, the backup a UMTS/LTE connection on a EHWIC-4G-LTE-G.
In case the DSL link fails, an automated failover to the second (UMTS/LTE) connection should happen.
Can anyone please provide a best practice configuration example? I´m not sure if the basic IP SLA mechanisms (tracking) are sufficient, or if i have to combine this with the "backup interface" command.
interface ATM0/0/0.1 point-to-point
backup interface Cellular0/1/0
pvc 8/32
pppoe-client dial-pool-number 1
Many thanks!Hi,
on one any ideas?
My main question is if I should configure the backup using the "backup interface" - method which brings up the cell connection automatically if the line protocol of the ADSL connection is down, or if it is better to use IP SLA / tracking only? -
Cisco ISR G2 EHWIC Shaping is available ? (SDWRR)
Hello
I think normally Modular Qos Shaping feature should be configure into routed port, however if it is switched port. Is it possible?
Here is the related link below, it seems that IEEE 802.1P QoS (Traffic Prioritization) is available on EHWIC.
So I would be better if I can let me know how to configire Modular Qos Shaping on this switch port.
http://www.cisco.com/c/en/us/products/collateral/routers/3900-series-integrated-services-routers-isr/data_sheet_c78-612808.html
IEEE 802.1P QoS (Traffic Prioritization)
Each port has eight QoS queues. Strict priority is enforced by default. The routers support SDWRR with configurable weight on each queue
Best Regards,
Masanobu HiyoshiHello.
SDWRR is Layer2 QoS.
Here is a details for 3750 - http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750/software/release/12-2_52_se/configuration/guide/3750scg/swqos.html#wp1163879 -
LZW 4G LTE Router Configuration for Cisco 881W (Teleworker, VPN)
I can't get the configuration of the the router to allow traffic on my company's VPN. The router is connected to the internet and otherwise works fine but whenever I attempt to connect via Cisco AnyConnect or the Cisco router, I can connect but can't access any intranet resource, email, etc. In essence, I can authenticate but can't do anything.
I've tried contacting NetGear and they referred me to Verizon. I contact Verizon and Technical Support does not have any information about how to configure their own routers. I'm waiting to hear back from an escalation group in my company's technical support.
I tried opening ports for UDP/TCP already and I attempted to create a static route but the router tells me that my info in incorrect (but I have no idea what is wrong either).
Has anyone come across a similar situation or could help point me in a direction towards a solution?
Thansk.Check with the network administrators for your company. They should be able to confirm the version of your Cisco AnyConnect VPN and the requirements that it needs to open and sustain a tunnel. Once you learn the requirements you can come back to the VZW forums for assistance on configuring your device.
Normally when a VPN authenticates but does not allow any communcation it means that there is a port, firewall rule or NAT feature conflict somewhere on the local network. For example, the old Cisco IPSec VPN requires UDP ports 500/4500, IP 50 and TCP 10000 to be open in addition to NAT-T enabled on the VPN server. Your company may have customized the VPN for thier enviornment so you really need the details before you can move forward.
A good link I like to save for instances like this (old Cisco VPN):
http://www.canvassystems.com/blog/articletype/articleview/articleid/14/how-to-fix-cisco-vpn-client-error-412.aspx -
Cisco Modem Firmware (HWIC) upgrade Process
HI experts,
I need to upgrade firmware of my LTE ( Hwic) module for the router 2901. I am wondering if this is the part of IOS upgrade process , I mean ones I upgrade IOS to the latest version will it upgrade my modem firmware by own or I need to upgrade LTE modem separately?
can you guys please share your experience here?
any docs on this please?
Thanks!Hi,
The LTE module is part of main Cisco IOS you load into the router. Once you upgrade the IOS, it also applies to the module.
ntegrated 4G LTE WWAN broadband: With the 4G LTE WWAN modem integrated into the router, you gain the benefits of simplified installation and management. In addition, the Cisco 4G LTE WWAN EHWICs are tightly integrated with Cisco ISRs, which run the industry-leading Cisco IOS® Software, giving access to all the advanced features of Cisco IOS Software such as quality of service (QoS), intelligent network queuing, and robust security.
Link:
http://www.cisco.com/c/en/us/products/collateral/interfaces-modules/4g-lte-wireless-wan-enhanced-high-speed-wan-interface-card/datasheet_c78-710314.html
HTH -
SNMP Shows 4G WWAN EHWIC Card as GigE0/3!!!
I have a Cisco 2901 router with a 4G LTE Verizon EHWIC Cellular card. For some reason, a "GigabitEthernet0/3" interface shows up under this cellular card in our SNMP data. There are only 2 embedded GigE interfaces on this router. The output from "show diag" lists the proper interfaces, but any SNMP data pops in this extra GigE interface!
I have attached a screenshot and a text file output.
Any ideas why this extra GigE interface shows up?
UPDATE: 23 Aug 2013
Looks like this is some sort of backplane interface? See jpgs.
Message was edited by: Scot GeerHi,
we do not have a 4G card, but we are having the same issue, via snmp we are getting g0/3 which does not exist at the router. -
EHWIC Card is not detecting when we put in the router
Hello Guys,
Currently my router doesn't detects the ehwic card and its currently working on hwic.
I just need to confirm if ehwic card supports T series IOS .
as per the below Cisco document it support min IOS 15.1.M series & I'm using 154-1.T1
appreciate if somebody can quickly confirm the same
http://www.cisco.com/c/en/us/products/collateral/interfaces-modules/high-speed-wan-interface-cards/qa_c67-660125.html
http://www.cisco.com/c/en/us/td/docs/routers/access/interfaces/software/feature/guide/EHWIC_1_GE_SFP_CU_FM.html#wp1069000
please find my current IOS version & card type
Card is : EHWIC-1GE-SFP-CUV01
#Show version
Cisco IOS Software, C1900 Software (C1900-UNIVERSALK9-M), Version 15.4(1)T1, REL
EASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2014 by Cisco Systems, Inc.
Compiled Wed 12-Feb-14 04:27 by prod_rel_team
ROM: System Bootstrap, Version 15.0(1r)M16, RELEASE SOFTWARE (fc1)
Router uptime is 2 weeks, 3 days, 11 hours, 54 minutes
System returned to ROM by power-on
System image file is "flash0:c1900-universalk9-mz.SPA.154-1.T1.bin"
Last reload type: Normal Reload
Last reload reason: power-on
Cisco CISCO1941/K9 (revision 1.0) with 487424K/36864K bytes of memory.
2 FastEthernet interfaces
2 Gigabit Ethernet interfaces
1 terminal line
1 Virtual Private Network (VPN) Module
DRAM configuration is 64 bits wide with parity disabled.
255K bytes of non-volatile configuration memory.
250880K bytes of ATA System CompactFlash 0 (Read/Write)Got the things from one test router having different image .please find below.,
#sho version
Cisco IOS Software, C1900 Software (C1900-UNIVERSALK9-M), Version 15.0(1)M1, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2009 by Cisco Systems, Inc.
Compiled Wed 02-Dec-09 14:14 by prod_rel_team
ROM: System Bootstrap, Version 15.0(1r)M3, RELEASE SOFTWARE (fc1)
uptime is 50 minutes
System returned to ROM by power-on
System image file is "flash0:c1900-universalk9-mz.SPA.150-1.M1.bin"
##### sh diag
Slot 0:
C1941 Mother board 2GE, integrated VPN and 2W Port adapter, 2 ports
Port adapter is analyzed
Port adapter insertion time 00:50:40 ago
EEPROM contents at hardware discovery:
PCB Serial Number :
Hardware Revision : 1.0
Part Number :
Top Assy. Part Number : 800-30798-01
Board Revision : B0
Deviation Number : 0
Fab Version : 03
Product (FRU) Number : CISCO1941/K9
Version Identifier : V01
CLEI Code :
Processor type : C8
Chassis Serial Number :
Chassis MAC Address :
MAC Address block size : 96
Manufacturing Test Data : 00 00 00 00 00 00 00 00
EEPROM format version 4
EEPROM contents (hex):
WIC Slot 0:
- Unknown WAN daughter card
WIC module not supported/disabled in this slot
PCB Serial Number :
Hardware Revision : 1.0
Part Number :
Board Revision : A1
Top Assy. Part Number : 800-34350-01
Deviation Number : 0
Fab Version : 05
RMA Test History : 00
RMA Number : 0-0-0-0
RMA History : 00
Product (FRU) Number : EHWIC-1GE-SFP-CU
Version Identifier : V01
CLEI Code :
Unknown Field (type 00D4): CC
Asset Identifier : A0
EEPROM format version 4
EEPROM contents (hex):
===
show inventory
NAME: "CISCO1941/K9 chassis", DESCR: "CISCO1941/K9 chassis"
PID: CISCO1941/K9 , VID: V01 , SN: ###### -
All,
on cisco 2951 router vendor try to load below command its throwing an error . please help me what is the correct command , the IOS code used for the device c2951-universalk9-mz.SPA.153-3.M1.bin , below license ordered.
Product Description Quantity
================================================================================================================
CISCO2951/K9 Cisco 2951 w/3 GE 4 EHWIC 3 DSP 2 SM 256MB CF 512MB DRAM IPB 1
S2951UK9-15303M Cisco 2951 IOS UNIVERSAL 1
L-SL-29-DATA-K9= DATA LICENSE 1
SL-29-IPB-K9 IP Base License for Cisco 2901-2951
commands try to configure
license accept end user agreement
license boot module c2900 technology-package datak9
below error received
license boot module c2900 technology-package datak9
^
% Invalid input detected at '^' marker.Try appx-k9 instead of datak9?
-
hi,
i have cisco 1921/k9 and EHWIC-4EGS-P but PoE is is not coming up. i want to connect my APs to this.
Please share how to enable PoE.You need to have the correct power supply on your 1921. If you don't have the PoE power supply, your PoE ports will not come up. See table 5 and then look at what power supply you have.
http://www.cisco.com/c/en/us/products/collateral/routers/3900-series-integrated-services-routers-isr/data_sheet_c78-612808.html
-Scott -
Cisco rv215w-k9-g5 supported 4G modems
Hi,
I sold my client CISCO RV215W as a 4G internet connection backup and I've a problem now.
RV215W do not work with HUAWEI E3272 LTE dongle.
I open the case in CISCO: SR 631583093 and get message like this:
"The Huawei E3272 dongle will not be supported by the RV215W router, because your PC get an IP from the dongle when you connect it to PC directly".
I'm a bit confused, because every time my PC get an IP from the dongle, no matter which dongle I've used.
Is there any 4G modem supported by RV215W working in Poland with PLUS GSM ISP or do I really have to throw away CISCO and buy TP-LINK TL-MR3420?Hy,
we have the same problem. We have a cisco rv215W router and a new huawei E3272 LTE dongle with HILINK technology. When we connect the dongle with the router(newest firmware), the led is blinking green sometimes, but no connection status.
Driver problem? Will there be a solution?
best regards -
Controlling Cisco Router via SMS
Hi all!
I have a Cisco 2951 with EHWIC-3G-HSPA-U. So the thing that I want to do is to configure WAN interface to be up/down via receiving the proper SMS(I know that ehwic does support receiving/sending SMS). Already saw a Cisco official topic about EHWIC-3G-HSPA-U and haven't found anething related to my issue.
Can anyone explain me how to do it?
P.S. I think that it is neccesary to create an event and connect it to sms somehow but definitly have no idea how to do so.There is an EEM policy located at this link that can be used to send CLI commands over SMS.
https://supportforums.cisco.com/document/12316801/commands-over-sms -
Hello,
where can i find Documentations about the Cisco EEM?
With commands, instructions and so on...
For example: How can i configure my Cisco-819 4G Router to change the SIM-Card if the connection decreases (check with ping and so on).
If i understand the Documents i've read right, it is possible to implement tasks like this with the EEM, but i can't find any usefull Docs.
Thanks for your help!The following document describes the configuration for dual sim with automatic failover when the primary sim connection is lost.
http://www.cisco.com/c/en/us/td/docs/routers/access/interfaces/software/feature/guide/EHWIC-4G-LTESW.html#wp1305076
If you want to change the primary sim using EEM, you can use a combination of IPSLA and EEM applet to manually configure the primary sim.
Here is a good overview of some EEM commands.
you could potentially use "sh cell 0 sec | inc Active SIM" to determine the current active sim and then change to the opposing.
Below is an example using a GSM dual sim device. This is unvalidated and untested so test and adjust commands as needed but it should give you a start on how to change things.
ip sla 11
icmp-echo 8.8.8.8
threshold 4000
frequency 6
ip sla schedule 11 life forever start-time now
event manager applet CHECKSIM
event track 11 state down
action 01 cli command "enable"
action 02 cli command "sh cell 0 sec | inc Active SIM"
action 03 set commandresult $_cli_result
action 04 regexp "0" $commandresult
action 05 if $_regexp_result eq 1
action 06 syslog msg "Changing Primary SIM to 1"
action 07 cli command "enable"
action 08 cli command "conf t"
action 09 cli command "controller cellular 0"
action 10 cli command "gsm sim primary slot 1"
action 11 exit 0
action 12 end
action 13 regexp "1" $commandresult
action 14 if $_regexp_result eq 1
action 15 syslog msg "Changing Primary SIM to 0"
action 16 cli command "enable"
action 17 cli command "conf t"
action 18 cli command "controller cellular 0"
action 19 cli command "gsm sim primary slot 0"
action 20 exit 0
action 21 end
Maybe you are looking for
-
Mac Mini or iMac good for graphic apps?
I currently have an older G4, dual processor, 450 MHz, 768mb RAM running Tiger. I'm a graphic designer working mainly with Quark, Freehand, Photoshop. I'm not a heavy Photoshop user. I'm trying to decide if I should upgrade to a G5 tower, or if the n
-
I have a procedure that would retrieve some table info based on which computes the sum of transactions for different types of transactions. I want to prepare a summary transaction report that would give the total transactions for each transaction typ
-
Terminal window: how to close it ?
Hello, everytime i switch on my macbook the Terminal window appears on the dock, it opens and it stays open. It all started 2 months since then it happens everytime. It is automatic. So i do switch it off ? how do i make sure that it doesnt open anym
-
In the middle of writing an email the script turned to caps which I couldn't get rid of. Tried restarting but it took me to a 'safe boot' login page that I hadn't seen before. My password doesn't work. Caps still on? At no time was the caps log light
-
How to configure fiscal variant
Hi , Please provide me some steps or doc's related to Fiscal variant config Krish