• Introduction
• Featured Expert
• Q:We have some vendors already offering 5G like T-Mobile. Will this work on those routers?
• Q:Is split-tunnel option available in this setup. or all internet traffic had to backhaul to DC? we do not have PnP setup yet in our environment.
• Q:Will the wireless module also support Band 14 (FirstNet) in the US?
• Q:What is the SW version used for this demo?
• Q:Do I need a LTE carrier for this to work? Is the Data Center the customer DC?
• Q:I'm currently having issues getting LTE to work with Verizon. My ISR1111 is built to accept Verizon LTE by default but I'm unable to get it working. Do you have any in-depth docs on this? My Sim is also built for Verizon LTE.
• Q:Does this assume that we have an SD-WAN solution set up already?
• Q:Is the bandwidth utilization on the sim included?
• Q:Can we request a demo device for testing?
• Q:How did the router get the signal to switch to SDWAN mode while booting up?
• Q:Was there a SDWAN.cfg file in the bootflash? Is it done by manufacturing before shitting?
• Q:Does it have all the root-ca-certs (especially Cisco) by default because I have noticed for some platforms root-ca-cert was missing and we had to fetch it manually from Vmanage so wasn’t it purely Zero Touch?
• Q:As a separate feature request, it sounds like the auto connection option is only available when a cellular connection is used. Is there a possibility that a WAN interface can default to DHCP so that the PnP can work from an Ethernet interface?
• Q:Is this a cloud-based solution? Can we deploy on-prem?
• Q:For LET APN's (out side of the US) is there an option to add them? For example on Vodafone's LTE we 1st need to add the APN to the configuration.
• Q:For a WAN solution, though, am I correct in assuming that we would need to configure the interface for DHCP? All of our routers come from the factory with the Ethernet interfaces defaulted to "no ip address" as opposed to "ip address dhcp".
• Q:I hope we have to follow the same steps for all geography across the world.
• Q:Will we see a 5G solution on the horizon?
• Q:Does it have all the root-ca-certs (especially Cisco) by default? Because I have noticed for some platforms root-ca-cert was missing and we had to fetch it manually from Vmanage so it wasn’t purely Zero Touch.
• Q:Does the onboard AP now connect to a WLC in an SD-WAN environment now, or would we need to use NSO if we want the AP to be part of an enterprise controller-based WiFi environment?
• Q:What is the cost?
• Q:How long to get a device once ordered?
• Q:Any plan for configuring the Wifi AP from vManage via templates? (no wireless controller).
• Q:Can Cisco router ISR 4431 load balance 2 internet links?
• Q:If we are using SIM cards with special APNs, will that automatically be picked up? Currently, in our 4k routers, we have to manually add an APN. As far as I know, the routers do not pick up the SIM, and the default APN for the carrier (Verizon) doe...
• Q:What would be the security measure in terms of connecting internet direct to router, is it required firewall as well?
• Q:Can we leverage this solution as an alternative to VPN for Work From Home?
• Q:Do they have coax port to connect off cable modem?
• Q:Does the router support dual active and active SIM connectivity?
• Q:Is it supporting Cisco DNA center?
• Q:Which model is our one case support Cisco SD-WAN?
• Related Information

This event had place on Thursday 28, May 2020 at 10hrs PDT

Introduction

In this session, Abhishek demonstrates the ease with which an end user, that has no network expertise, can connect a WAN router to the network headquarters of their company from any remote location. The event provides a deep-dive into three use cases that detail step-by-step the device on-boarding process for each one. Once the routers are connected to the network, it is possible to explore the WiFi and security features of the ISR 1000 and how they are provisioned.

Featured Expert

Abhishek Keswani is a Technical Marketing Engineer for the ISR 800, 900, and 1000 Series routers. Abhishek is extremely passionate about education for all. He holds a bachelor’s degree in engineering and a master’s degree in computer systems networking and telecommunications. Abhishek holds different programming certifications, such as the Python Network Programming, Coursera Programming for Everybody, and different edX certifications.

You can download the slides of the presentation in PDF format here.

Live Questions

Q:We have some vendors already offering 5G like T-Mobile. Will this work on those routers?

A: When we go 5G ready they can swap out the PIM CAT18 module and add the 5G module.

Q:Is split-tunnel option available in this setup. or all internet traffic had to backhaul to DC? we do not have PnP setup yet in our environment.

A: Yes split tunnel is possible. This needs to be done as part of the device template that can be pushed down to the device for Day-0.

Q:Will the wireless module also support Band 14 (FirstNet) in the US?

A:Yes our PIM CAT18 module supports Band 14 for FirstNet. We will go over that in this event.

Q:What is the SW version used for this demo?

A: Single image 17.2.1r CCO released image on the router and vManage version 20.1.

Q:Do I need a LTE carrier for this to work? Is the Data Center the customer DC?

A: You do need a carrier. I believe the SIM card that we are using is from AT&T. DC is Data Center or HQ for Head Quarters.

Q:I'm currently having issues getting LTE to work with Verizon. My ISR1111 is built to accept Verizon LTE by default but I'm unable to get it working. Do you have any in-depth docs on this? My Sim is also built for Verizon LTE.

A:If the ISR has a SmartNet contract, please open a TAC case to troubleshoot this issue. Refer to this link: https://www.cisco.com/c/en/us/td/docs/routers/access/interfaces/NIM/software/configuration/guide/4GLTENIM_SW.html there is troubleshooting section here / https://www.cisco.com/c/en/us/td/docs/routers/access/interfaces/software/feature/guide/ehwic-4g-ltesw-book.html and http://www.cisco.com/c/en/us/td/docs/routers/access/interfaces/NIM/software/configuration/guide/4GLTENIM_SW.html#pgfId-1447938.

Q:Does this assume that we have an SD-WAN solution set up already?

A:Yes, we need the controllers spun up either on-prem or in the cloud (vBond, vManage and vSmart) and then onboard a WAN edge device. It is all fully automated - Zero Touch.

Q:Is the bandwidth utilization on the sim included?

A: CAT18 1.2 G DL and 500 MB UL speed. As for utilization, I am not sure what you mean by it is included in the SIM.

Q:Can we request a demo device for testing?

A:Please, work with your local Cisco Account Team.

Q:How did the router get the signal to switch to SDWAN mode while booting up?

A:Router by default has PnP config. When it reaches out to devicehelper.cisco.com and if the router serial no is there and a PnP server or vBond IP is assinged for the serial number then, it will reach out to vBond. Abhi just did a recap verbally as well.

Q:Was there a SDWAN.cfg file in the bootflash? Is it done by manufacturing before shitting?

A: No. Manufacturing does not have to do anything. We handle all of that via PnP portal assigning vBond IP or PnP server such as NSO server IP on the PnP portal. Absolutely Zero Touch.

Q:Does it have all the root-ca-certs (especially Cisco) by default because I have noticed for some platforms root-ca-cert was missing and we had to fetch it manually from Vmanage so wasn’t it purely Zero Touch?

A:We have validated AT&T, Verizon, and T-Mobile.

Q:As a separate feature request, it sounds like the auto connection option is only available when a cellular connection is used. Is there a possibility that a WAN interface can default to DHCP so that the PnP can work from an Ethernet interface?

A: Yes. For the situation that we are currently the solution goes over LTE but of course, WAN interface with DHCP will work perfectly as well.

Q:Is this a cloud-based solution? Can we deploy on-prem?

A:Yes our SD-WAN controllers can be either on the cloud or on-prem.

Q:For LET APN's (out side of the US) is there an option to add them? For example on Vodafone's LTE we 1st need to add the APN to the configuration.

A:So long as the LTE interfaces acquire and IP address, be able to resolve names, and reach devicehelper.cisco.com it can reach the PnP server or our vBond server.

Q:For a WAN solution, though, am I correct in assuming that we would need to configure the interface for DHCP? All of our routers come from the factory with the Ethernet interfaces defaulted to "no ip address" as opposed to "ip address dhcp".

A:Our PnP process enables DHCP off of one interface at a time and add a default route out that interface and see if it can reach devicehelper.cisco.com until it is successful and uses that interface.

Q:I hope we have to follow the same steps for all geography across the world.

A:Yes, we have customers all over the world.

Q:Will we see a 5G solution on the horizon?

A: Yes, we are working on it. Very soon!

Q:Does it have all the root-ca-certs (especially Cisco) by default? Because I have noticed for some platforms root-ca-cert was missing and we had to fetch it manually from Vmanage so it wasn’t purely Zero Touch.

A:Yes. We have Cisco, Digi Cert, Avnet root certs already on the box. We also make sure the device is an authentic Cisco device with SUDI cert.

Q:Does the onboard AP now connect to a WLC in an SD-WAN environment now, or would we need to use NSO if we want the AP to be part of an enterprise controller-based WiFi environment?

A: CAPWAP mode AP configuration with DHCP option 43 has been validated with both SD-WAN as well as our NSO options. Both work perfectly fine. 

Q:What is the cost?

A: Please, reach out to your local Cisco account team for pricing information.

Q:How long to get a device once ordered?

A:The lead-time presently is about 4-6 weeks.

Q:Any plan for configuring the Wifi AP from vManage via templates? (no wireless controller).

A:We are working on it. We might provide some lightweight options on vManage but not the entire EWC config and ME. That is just not possible.

Q:Can Cisco router ISR 4431 load balance 2 internet links?

A:If you handle routing, it is definitely possible. You will have NAT, FW, etc. care must be taken with routing.

Q:If we are using SIM cards with special APNs, will that automatically be picked up? Currently, in our 4k routers, we have to manually add an APN. As far as I know, the routers do not pick up the SIM, and the default APN for the carrier (Verizon) does not work.

A: Yes, we have validated a number of different LTE SIM cards. We have validated Verizon. In this demonstration, we're using at&t, but as part of a different demonstration we did use Verizon, it was just a case of upgrading to the latest firmware, that made it work for us. And you can find that firmware again on software.cisco.com, that will be upgrading your LTE pin module to the latest firmware.

Q:What would be the security measure in terms of connecting internet direct to router, is it required firewall as well?

A: Yes, absolutely. Anytime you provision, a device on the internet. We definitely need to be paranoid and implement a stateful firewall, that is natively available on our routing platform, any router that you take is 5G do or is on 4k or one K, we can implement firewall IPS URL filtering the entire stack with amp and threat grid in case of SDN and stateful firewall, the umbrella redirection, and IPS, in case of non-SD-WAN.

Q:Can we leverage this solution as an alternative to VPN for Work From Home?

A: This would completely solve that problem. However, to go over the guides that I had said in the links, they also go over how we can use VPN technology to connect from our home devices to the routers as well. But yes, this can be leveraged, in place of that.

Q:Do they have coax port to connect off cable modem?

A: No we don't. We do not have any coax exports on that one. Usually, that cable modem has codecs and that goes in the wall, and it has an rz of 45, and on the other side, that feeds into the is an odd one gate out there.

Q:Does the router support dual active and active SIM connectivity?

A: Yes. 1109 is our 1109 routers that I went over, they do support dual active LTE. That's because we have to do LDA module slot in that chapter.

Q:Is it supporting Cisco DNA center?

A: Yes, absolutely. We have also validated the solution to work in the DNA center, just the same as NSO as we showed in that demonstration.

Q:Which model is our one case support Cisco SD-WAN?

A: There is only one specific model that does not support SDN, but all our routers are our 4k and one k that run iOS xe or in the single image. If it supports the controller mode image. Those routers can be onboarded onto our SDN fabric.

Related Information

• Slides from the event
• Video from the live event
• Ask Me Anything session from the event