
2 ISP's, 1 perfect, 2 strange issues C2901 router

Michael Durham
Level 4

For the past 5 years I have had AT&T business fiber connected to my C2901 router and it's perfect. The only problem is that I work from home and the AT&T service costs $605 per month. Now T-Mobile Home Business internet service is available for $50/mo and I need to move over to T-Mobile for the cost savings.

I run a CME 12.0 phone system which requires a static public IP address.  The reason is that with the ISP providing a private IP address, I only get one-way audio on calls.  It would be nice to fix that problem but that is not what this post is about.  My AT&T service has a static public IP and all works perfectly.

The C2900 has 2 gigabit Ethernet ports and I added 1 fast Ethernet port. One Gb Ethernet port connects to my Cisco C3750G switch and the other Gb Ethernet port connects to the AT&T provided C4331 router. The Fa Ethernet port connects to the T-Mobile Inseego router/5G modem. Both external facing ports have the exact same ACL except the IP addresses are correct in each for their public IP address.

The problem is that when I set the IP ROUTE 0.0.0.0 0.0.0.0 to the T-Mobile gateway, devices on the network cannot see the Internet, but when I set IP ROUTE 0.0.0.0 0.0.0.0 to the AT&T network all works perfectly.

Here is where things get even stranger when routed out T-Mobile. From the C2901 command prompt I CAN ping Internet IP addresses such as 4.2.2.2 and even URLs such as google.com. From the PC, nothing. Even stranger, my VoIP service DOES work as expected. Change the IP ROUTE out AT&T and back to perfect from the PC.

So, I tried connecting a laptop directly to the Inseego and would you believe that the laptop can reach the Internet as it should. One other funny thing, the laptop got its IP address via DHCP from the Inseego but when I set port fa0/0/0 to IP ADDRESS DHCP, the router will NOT get the IP address from the Inseego. This is no big issue for me since I would rather enter the static IP manually anyways.

But why no DHCP at the router but DHCP at the laptop?
Why Internet connectivity at the router but not the PC while on T-Mobile yet both on AT&T?

One other piece of information. When I first started testing T-Mobile, they sent me a CradlePoint router on their Business Internet 300GB plan. At first it did not work because they did not configure the CP with a static IP and in Pass-Through mode. Once those two things were configured correctly on the CradlePoint, it DID work perfectly. So now we know that the T-Mobile service can work as needed. I was using the CradlePoint under their 14 day trial period. It took about a week or more to get them to get the CP router configured correctly so I only had about 4-5 days of testing; which DID work correctly.

I had to switch back to the AT&T connection for a few days for some remote VPN access and when I went back to T-Mobile and still on the CradlePoint router, I had the very same problem that I am having on the Inseego, no Internet on the PCs. I just thought that my trial period was over and they were blocking me until I went permanent or returned the CP device.

I tried to get the Unlimited Home Business Internet service configured on the CradlePoint router but T-Mobile bricked it so they sent me the FX2000 by Inseego. When they set up the Inseego for me, they created a completely new T-Mobile account and a different static IP.  I have spent OVER 8+ hours on the phone with T-Mobile (mostly on hold) trying to get tech support to solve this issue.  NO SUCH LUCK!

Anyone have any ideas?

!
interface GigabitEthernet0/1
description AT&T Internet connection
ip address 1.4.2.5 255.255.255.248
ip access-group Protect-AT&T in
ip nat outside
ip virtual-reassembly in
no ip route-cache
duplex auto
speed auto
!
interface FastEthernet0/0/0
description T-Mobile Internet connection
ip address 7.2.3.1 255.255.255.0
ip access-group Protect-T-Mobile in
ip nat outside
ip virtual-reassembly in
no ip route-cache
duplex auto
speed auto
!
ip route 0.0.0.0 0.0.0.0 1.4.2.5x  (or) 7.2.3.1x
ip access-list extended Protect-AT&T
permit ip host 17.77.23.4 any
permit tcp any host 1.4.2.5 eq 6969
permit udp any host 1.4.2.5 eq 6969
deny tcp any host 1.2.3.9 eq www log
deny tcp any host 1.6.2.3 eq www log
deny tcp any host 1.6.2.6 eq www log
permit tcp any any established
permit tcp any host 1.4.2.5 eq ftp
permit tcp any eq ftp any
permit tcp any host 1.4.2.5 eq domain
permit udp any host 1.4.2.5 eq domain
permit tcp any host 1.4.2.5 eq 443
permit udp any host 1.4.2.5 eq isakmp
permit tcp any host 1.4.2.5 eq 1194
permit udp any host 1.4.2.5 eq 1194
permit tcp any host 1.4.2.5 range 2000 2099
permit udp any host 1.4.2.5 eq non500-isakmp
permit udp host 1.4.2.5 any eq 5060
permit udp any host 1.4.2.5 range 16384 32767
permit gre any host 1.4.2.5
permit esp any host 1.4.2.5
permit ahp any host 1.4.2.5
permit ip object-group Radius_Clients host 1.1.1.19
permit udp any eq domain any
permit udp any eq 5010 any
permit tcp any host 1.4.2.5 eq 9090
permit udp any eq ntp any
permit icmp any any
deny ip any any log
!
ip access-list extended Protect-T-Mobile
permit ip host 17.7.2.4 any
permit tcp any host 7.2.3.1 eq 6969
permit udp any host 7.2.3.1 eq 6969
deny tcp any host 1.2.3.9 eq www log
deny tcp any host 1.6.2.3 eq www log
deny tcp any host 1.6.2.6 eq www log
permit tcp any any established
permit tcp any host 7.2.3.1 eq ftp
permit tcp any eq ftp any
permit tcp any host 7.2.3.1 eq domain
permit udp any host 7.2.3.1 eq domain
permit tcp any host 7.2.3.1 eq 443
permit udp any host 7.2.3.1 eq isakmp
permit tcp any host 7.2.3.1 eq 1194
permit udp any host 7.2.3.1 eq 1194
permit tcp any host 7.2.3.1 range 2000 2099
permit udp any host 7.2.3.1 eq non500-isakmp
permit udp host 7.2.3.1 any eq 5060
permit udp any host 7.2.3.1 range 16384 32767
permit gre any host 7.2.3.1
permit esp any host 7.2.3.1
permit ahp any host 7.2.3.1
permit ip object-group Radius_Clients host 7.2.3.1
permit udp any eq domain any
permit udp any eq 5010 any
permit tcp any host 7.2.3.1 eq 9090
permit udp any eq ntp any
permit icmp any any
deny ip any any log

8 Replies

balaji.bandi
Hall of Fame

Where does your NAT take place? We did not see your NAT configuration here.

PC working with DHCP and the router not working - some providers may have this due to home internet (somehow it did not work). You have a static IP, so you can configure that.

You also need to consider PBR to utilize both ISPs if you like.

Post the complete show run to assist better.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Mark Willis
Level 1

It's probably the NAT configuration. It would be useful to see that. On the router itself, packets go directly from the connected interface and don't go through NAT, which explains your pinging.

It's not NAT, as the AT&T service is fine, just T-Mobile has issues.

!
interface GigabitEthernet0/0
no ip address
no ip route-cache
duplex auto
speed auto
!
interface GigabitEthernet0/0.10
description "LCAP Low Speed WiFi Network"
encapsulation dot1Q 10
ip address 10.10.10.1 255.255.255.0
ip access-group 110 in
ip nat inside
ip virtual-reassembly in
no ip route-cache
!
interface GigabitEthernet0/0.69
description "Data Network"
encapsulation dot1Q 69
ip address 192.168.69.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
no ip route-cache
ip tcp adjust-mss 1300
ip policy route-map clear-df
!
interface GigabitEthernet0/0.110
description "Voice Network"
encapsulation dot1Q 110
ip address 10.110.0.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
no ip route-cache
ip tcp adjust-mss 1300
ip policy route-map clear-df
!
ip nat inside source list 151 interface GigabitEthernet0/1 overload
access-list 151 deny ip host 192.168.69.252 any
access-list 151 permit ip 10.0.0.0 0.255.255.255 any
access-list 151 permit ip 192.168.0.0 0.0.255.255 any
!


 

AT&T Internet ---> Gb0/1   C2901  Gb 0/0 -->  C3750G --> PC
OR
T-Mobile Internet ---> Fa0/0/0   C2901  Gb 0/0 -->  C3750G --> PC

As per the information, you have only 1 NAT here:

ip nat inside source list 151 interface GigabitEthernet0/1 overload

But the new provider is on Fa0/0/0, so this needs to be added in a NAT statement for you to test and work.

As I mentioned, if you want to use both providers then you need to look at PBR based on the source to send to each ISP.

For testing you can do the below for the new ISP to work.

no ip nat inside source list 151 interface GigabitEthernet0/1 overload

ip nat inside source list 151 interface FastEthernet0/0/0 overload

(this should work with the new provider)

If that is working, then decide how you want to use both providers or failover options, depending on the requirement.

 

 

BB


You caught it and I missed it. The change in ports from G0/1 to f0/0/0 but no change in the NAT config. We are working fully on T-Mobile now!!!!! THANK YOU SO MUCH!!!!

So now what is next????  Goodbye AT&T and your $605 per month charges!

 

Glad all is working as expected. Good luck... happy savings.

BB


This post is quite helpful. It pretty clearly shows ip nat inside on your inside, and shows nat using G0/1. I am guessing that there is not a similar nat using the FA interface.

Typically when you are doing NAT on 2 outbound interfaces you configure NAT to use a route map rather than the access list you are currently using. In the route map there is a match statement for the access list and a match statement for the interface being used.

HTH

Rick
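
The route-map NAT arrangement described in the reply above, and the single-interface NAT rule identified in the accepted answer, sketched against the configuration posted in this thread. This is an added example, not configuration from any participant: ACL 151 and the interface names come from the posted config, while the route-map names NAT-ATT and NAT-TMOBILE are hypothetical.

```cisco
! Added example, not from the thread. ACL 151, GigabitEthernet0/1 and
! FastEthernet0/0/0 are from the posted configuration; the route-map
! names NAT-ATT and NAT-TMOBILE are hypothetical.
!
! Remove the list-based rule that ties every translation to Gi0/1.
! If IOS refuses because the dynamic mapping is in use, run
! "clear ip nat translation *" from exec mode first.
no ip nat inside source list 151 interface GigabitEthernet0/1 overload
!
! One route map per ISP. Both match the same inside sources (ACL 151),
! but each matches only when routing has selected that ISP's interface
! as the egress for the packet.
route-map NAT-ATT permit 10
 match ip address 151
 match interface GigabitEthernet0/1
!
route-map NAT-TMOBILE permit 10
 match ip address 151
 match interface FastEthernet0/0/0
!
! Overload (PAT) onto the address of whichever outside interface the
! packet actually leaves through, so the source address always belongs
! to the ISP carrying the traffic.
ip nat inside source route-map NAT-ATT interface GigabitEthernet0/1 overload
ip nat inside source route-map NAT-TMOBILE interface FastEthernet0/0/0 overload
!
! Checks after switching the default route (exec mode):
!   show ip nat statistics     - both route-map rules should be listed
!   show ip nat translations   - inside global address should be the
!                                active ISP's interface address
```

With both rules in place, changing the default route between the two gateways no longer requires touching NAT, which is the mismatch that produced working pings from the router itself but no connectivity from the inside hosts.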