cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Community Live

Remote Workforce Routing Solution - Cisco SD-WAN

6837
Views
15
Helpful
2
Comments

Goal

Network Admin

To provide a solution to quickly setup a router at a remote location that supports WiFi and provides instant internet access using LTE as a transport while deploying with Cisco SD-WAN.

Remote Worker

Plug the router to a power source and provide internet connectivity to the router by inserting a SIM card or connecting an ethernet cable from the WAN interface to the service provider modem

Supported Platforms

Cisco Integrated Service Router (ISR) Series 1000 with LTE and WiFi capability.

Supported Router Models and Required Licenses

PID License Requirements

Image Required

C1121X-8PLTEPWY*​ with P-LTEAP18-GL** Remote Workforce Routing (DNA-RW-R) 17.2
C1121-8PLTEPWY* with P-LTEAP18-GL** Remote Workforce Routing (DNA-RW-R) 16.12
C1111-8PW Remote Workforce Routing (DNA-RW-R) 16.12
C1109-4PLTE2PW**​ with 2x P-LTEA​ Remote Workforce Routing (DNA-RW-R) 16.12
C1117-4PW​ Remote Workforce Routing (DNA-RW-R) 17.4 (Nov)
C1111-4PW Remote Workforce Routing (DNA-RW-R) 17.4 (Nov)
* Wi-Fi domain WY; Y = A, E, B, Z
** P-LTEAP18-GL available Europe & US only. For global CAT6 LTE options please visit Cisco Integrated Service Router (ISR) 1000 Datasheet​
*** Wi-Fi domain W* = A, B, D, E, Q, R, Z 

Documentation

Cisco Integrated Service Router (ISR) Series 1000 Datasheet

Cellular WAN Datasheet

Cisco Integrated Service Router (ISR) Series 1000 Configuration Guides 

Cisco SD-WAN Ordering Guide

Cisco Integrated Service Router (ISR) LTE Configuration Guide

Cisco Integrated Service Router (ISR) ISR ME Configuration Guide

802.1x Authentication Guide

DHCP Option 43 Guide for CAPWAP AP mode

Prerequisites

Cisco Integrated Service Router (ISR) must be running Cisco XE SD-WAN version 17.2.1 or above. 

ISR: https://software.cisco.com/download/home/286315006/type/282046477/release

CAT18 LTE PIM: https://software.cisco.com/download/home/286288566

Use Case

Screen Shot 2020-03-20 at 11.23.55 AM.png

For small office, small retail stores, pop-up offices where workers need to quickly establish connectivity to the internet and at the same time connect back to their data center to gather/store information, these light-weight, desktop routers are easy to setup and capable of providing instant connectivity over LTE. 

 

 

Step-By-Step Guide (Network Admin responsibilities)

Add Devices to Smart Account

1. Navigate to software.cisco.com

2. Under Network Plug and Play, click on Plug and Play Connect

Picture1.png

Picture2.png

3. Click on Identify Device

4. Enter Serial Number, select Base PID  (C1121X-8PLTEPWB) from the drop down menu and add Controller Profile (VIPTELA-CLOUD-HOSTED-PROFILE) from the drop down menu. Click Save and advance to the next step by clicking Next

Picture3.png

5. Verify the credentials and click Submit

Picture4.png

6. If device is added correctly, you should see a success message (such as shown below):

Picture5.png

7. You will be redirected to the PnP Devices tab, where you should find your device (identifiable by Serial Number) listed with a status of Pending (Redirection) 

Picture6.png

Sync Smart Account & Controllers via vManage

1. Log in to vManage

2. Go to Configuration  Devices and click on Sync Smart Account. When prompted, enter CEC Credentials

Picture7.png

3. Upon completion, the Success message will appear in the task window, as shown below:

Picture9.png

4. Next, navigate to Configuration  Certificates and click the Send to Controllers button on the top left

Picture10.png

5. Identify that your router’s serial number is listed under WAN Edge List. This verifies successful synchronization of vManage with your Smart Account.

Picture11.png

Pre-provision Base Configurations

1. Go to Configuration  Templates, click Create Template, then select From Feature Template under Device

Picture12.png

2. Select Device Model from drop down menu. Add Template Name. And lastly, add Description.

Picture13.png

3. Under Transport & Management VPN click the - sign after Cisco VPN Interface Ethernet and click the + sign for VPN Interface Cellular.

4. From the drop down, click on Create Template 

5. Enter Template Name

6. Enter Description 

7. Make sure Shutdown and Interface Name are in Global Mode. Next, select No Shutdown and name the interface

Picture14.png

8. Ensure Tunnel Interface and NETCONF are in Global Mode and are turned on:

Picture15.png

9. Then click Save. After clicking Save, you will be redirected back to your device template. Once here, scroll down to Cellular section and create a new template for Cellular Controller

Picture16.png

10. Enter Template Name, Description, and add Cellular ID. Then click Save

Picture17.png

11. Scroll to the bottom of the Device Template and click on Create

12. Now, attach your Cisco router to the template created above. To do so, go to Configuration  Template. Under Devices, select the template you had created by clicking on the three dots, and click Attach Devices

Picture18.png

13. Identify your device and move it from Available Devices to the Selected Devices section and click Attach

Picture19.png

14. Select Edit Device Template to add Hostname, System IP and Site ID:

Picture20.png

15. Add Hostname, System IP and Site ID. Click Update. You should now see a green check-mark for Status. Click Next

Picture21.png

16. Select your device from the column to the left, and click Configure Devices

Picture22.png

17. If all the steps are completed correctly, now you will see Validation Success and Done - Scheduled Status. Once the device is turned on with the LTE SIM inserted, vManage will push the configured template.

Picture23.png

Pre-provision WiFi Configuration (ME/CAPWAP mode)

Here you can find instructions to configure the router in both ME as well as CAPWAP mode (see step 6 for CAPWAP)

1. Go to Configuration  Templates, click Create Template, then under Feature click Add Template

Picture1.png

2. From the list, make sure to select the exact PID being used, in this example: C1121X-8PLTEPW*

Picture2.png

3.  Add Template Name. And add Description. Ensure Shutdown is in Global mode and selected as No Shutdown. Add VLAN Interface Name and IPv4 Address and Click Save.

Picture3.png

4. Add DHCP server for controller to connect to the internet and provide IP addressing to AP and its clients. Go to Configuration  Templates, click Create Template, then under Feature click Add Template. Scroll down to Other Templates and select Cisco DHCP Server (LAN) from the menu

Picture4.png

5. Add template name, description and use the example below as reference for Address Pool and Excluded Address configs

Picture5.png

6. (Only for CAPWAP mode) Scroll down to New DHCP Option to assign AP to external Wireless Lan Controller. Select DHCP Option 43. Next select HEX radio button and enter hexadecimal IP address pointing to external WLC. Click Add

Picture6.png

 7. Scroll down to Advanced and assign a Default Gateway and DNS Server. Click Save.

Picture7.png

8. Add WLAN interface for communication between AP and router. Go to Configuration  Templates, click Create Template, then under Feature click Add Template. Scroll down to Other Templates and select Switchport (Management|WAN|LAN) from the menu

Picture9.png

9. Add Template Name, Description, Slot, sub-slot and module as per the Wlan-Gigabit interface of your router. (For example: Wlan-Gigabit interface for ISR 1121X-8PLTEPW* is 0/1/8)

Picture10.png

10. Under Interface click New Interface. Select Wlan-GigabitEthernet port from the drop down menu. Ensure Shutdown is in Global mode and selected as No Shutdown. Lastly, Configure the switchport as an access port and assign a VLAN Name and VLAN ID. Click Add, then Save.

Picture11.png

11. Add service VPN feature templates to Device Template. Go to Configuration  Templates, under Devices select the Device Template associated with the router.

Picture12.png

12. Scroll down to Service VPN section and click Add VPN.

Picture13.png

13. Click Create VPN Template on the bottom of the screen and add the template configuration previously configured

Picture14.png

14. Under IPV4 Route select New IPv4 Route. Add prefix 0.0.0.0/0 and select the Gateway radio button for VPN. Select the ON radio button for Enable VPN and Click Save.

Picture15.png

15. Next, select the new template created, click the right arrow and press Next.

Picture16.png

16. From the right side menu, select the VPN Interface SVI sub-template. From the drop down menu under “VPN Interface SVI” select SVI feature template previously created. Then, click on +Sub-Template and select Cisco DHCP Server and Save the configurations.

Picture17.png

17. Now, scroll to the bottom of the screen, select WLAN Interface feature template previously configured, under Switch Port and click Update

Picture18.png

Pre-provision 802.1x Configuration

Here you can find instructions to configure the router with 802.1x (dot1x) support. This section includes essential 802.1x feature configuration. Some of the pages may also be invoked in other sections.  

1. Go to Configuration  Templates, click Create Template, then under Feature click Add Template

Picture1.png

2. From the list, make sure to select the exact PID being used, in this example: C1161X-8P . In the template section, select Cisco AAA template.

Picture1.png

3. Add Template Name. And add Description.

Picture1.png

4. In section of RADIUS, select new readius server

Picture1.png

5. Input customized radius server information used for dot1x/mab authentication,
including server ip address, L4 authentication or accounting port and shared key
Then click Add

Picture1.png

6. In RADIUS GROUP section , select the sever just added and then click Add

Picture1.png

7. In 802.1X section, enable both Authentication Param and Accounting Param , then Click Save to finish aaa feature template

Picture1.png

8. Again Go to back to Configuration → Templates, click Create Template, then under Feature click Add Template
From the list, make sure to select the exact PID being used, in this example: C1161X-8P
Select Switch Port template

Picture1.png

9. Add Template Name. And add Description

Picture1.png

10. Update basic slot/module info and click New interface
     Update interface name for Dot1x client and update basic switch port config

Picture1.png

11. Select On for 802.1x and select PAE types as Yes
Choose control direction / host mode / Periodic Reauthentication as customer Designed

Picture1.png

12. In Advanced Options section, update the customized dot1x feature requirements which applied and then click Add

Picture1.png

13. Repeat interfaces add and after all interfaces updated, click Save to end switchport feature template edit

Picture1.png

14. Go back to Configuration → Templates, click Create Template, then under Feature click Add Template
     From the list, make sure to select the exact PID being used, in this example: C1161X-8P
     Select Cli Add-On Template

Picture1.png

15. Update template name and Description
     Update customized radius authen/account attributes and then Click Save

 
 

Picture1.png

16. Go to Configuration → Templates, under Devices select the Device Template associated with the router and click edit
    Picture12.png

 

17. In section of Cisco AAA , select the aaa feature temlate just created

Picture1.png

18. In section of the Cli Add-on Template , select the cli Add-on template just created

Picture1.png

19. In section of Switch Port , select the switch port feature template just created
     Click Create/ Save to finish device template creation/edition

Picture1.png

20. 802.1x feature configuration done. Follow other chapter for thereafter process with configuration attach devices and sync.

Configure SSID (ME Mode only)

If you have configured the router with an external WLC using DHCP Option 43 as mentioned in step 6 of WiFi Configurations, the router will receive an SSID from the external WLC. 

If you are configuring the router in ME mode, the following process will guide you to deploy the router with your personal configurable SSID for direct internet access:

1. Power up the router. From PC, connect to SSID CiscoAirProvision. Enter default Password for CiscoAirProvision as password

 2. Open a web browser, and access http://mobilityexpress.cisco/screens/day0-config.html Go through the setup wizard to create Admin Username, Admin Password, SSID and Passphrase. Mobility Express Controller will reboot.

Screen Shot 2020-06-02 at 5.21.00 PM.pngScreen Shot 2020-06-02 at 5.21.48 PM.png

3. You should now find the personal SSID reachable through your phone or laptop device

Verification (Remote User)

1. Add the SIM card to the device module's SIM slot and power on the device. After doing so, console in to the device. 

Verification (Network Admin)

1. Do not interrupt device on-boarding by pressing any keys on the console terminal window.

Allow approximately 7 minutes (after the reboot of the device) for vManage to push the configured template automatically to the router. Upon successful completion, open the vManage Dashboard and find your router added to the WAN edge and see that it's reachable.

Picture24.png

 

Picture25.png

2. Verify the functionality of the SIM card by running the following commands:

Router#show cellular 0/2/0 hardware               //check for Carrier information 
Modem Firmware Version = 32.00.114
Host Firmware Version = 32.00.004_2
Device Model ID =  LM960A18
International Mobile Subscriber Identity (IMSI) = 310260154954279
International Mobile Equipment Identity (IMEI) = 358347100003170
Integrated Circuit Card ID (ICCID) = 8901260151749542798
Mobile Subscriber Integrated Services
Digital Network-Number (MSISDN) = 18574157134
Modem Status = Modem Online
Current Modem Temperature = 30 deg C
PRI version = 1023, Carrier = Generic
OEM PRI version = 32101006

Note: The cellular SIM slot (i.e., 0/2/0 in our scenario) may vary depending on which slot you inserted the SIM in.

3. Check signal strength (RSSI) and Radio Access Technology (RAT). The RSSI is based on various factors (i.e., range from cellular tower, usage density in location, etc.). Check to see if the RAT matches the data plan purchased from your cellular carrier.

Router#show cellular 0/2/0 radio 
Radio power mode = Online
LTE Rx Channel Number(PCC) =  926
LTE Tx Channel Number(PCC) =  18926
LTE Band =  66
LTE Bandwidth = 5 MHz
Current RSSI = -82 dBm
Current RSRP = -112 dBm
Current RSRQ = -16 dB
Current SNR = -1.5  dB
Physical Cell Id = 55
Number of nearby cells = 2
Idx      PCI (Physical Cell Id)
--------------------------------
1              55
2              57
Radio Access Technology(RAT) Preference = AUTO 
Radio Access Technology(RAT) Selected = LTE
Comments
karechan
Cisco Employee

Thank you for the detailed steps.  In which step is the Wifi configuration put on the ISR? It doesn't appear to be part of the device template created in vManage, but I could be wrong. I am not that familiar with vManage. Could you also post the details of that Wifi configuration in whichever file that resides in?  Thanks in advance!!

Randeep Singh
Cisco Employee

Hi @karechan,

Thank you for reaching out. The steps have been modified. You'll find the WiFi configuration steps in the "Pre-provision WiFi Configuration (ME/CAPWAP mode)" section of the document.