Re: 4G LTE configuration in new Cisco C1111-8PLTEEA

Quique · ‎06-22-2018

Dears,

Its the first time that i post here and i dont know if someone have had the same problem.

One month ago i bought a new router Cisco C1111 with 4G capabilites (C1111-8PLTEEA). The primary link is connected to a line FTTH via Movistar (Spanish ISP with 600mbps) and i would like to use the 4G via Cellular interface for backup porpuses.

Few years ago i configured with no problem a Cisco 2801 with hwic 3G HSPA but right now and form me its not posible to put the interface 4G on live in my new home router. The interface get the public ip address via spanish ISP but not posible to navigate to Internet.

With the new router and de XE IOS the confirguration is very easy. There is no need to put chat-script, dialer string or configure tty line. Just a profile and to configure the interface cellular together with dialer group, dialer list, ip route and nat olverload. Very simple and easy according to Cisco.

As i have already said that the cellular interfacer get the public ip address but it cant connect with Internet.

I show you my part of my running-config:

router#show cellular 0/2/0 profile 1
Profile password Encryption level = 7
Profile 1 = ACTIVE* **
--------
PDP Type = IPv4
PDP address = 176.82.52.28
Access Point Name (APN) = movistar.es
Authentication = PAP
Username = movistar
Password = 020B0B4D02151B205E
Primary DNS address = 80.58.61.250
Secondary DNS address = 80.58.61.254

* - Default profile
** - LTE attach profile

router#show cellular 0/2/0 connection
Profile 1, Packet Session Status = ACTIVE
        Cellular0/2/0:
        Data Packets Transmitted = 490 , Received = 137
        Data Transmitted = 34190 bytes, Received = 7508 bytes
        IP address = 176.82.52.28
        Primary DNS address = 80.58.61.250
        Secondary DNS address = 80.58.61.254

!

router#show ip inter brief
Interface IP-Address OK? Method Status Protocol
Cellular0/2/0 176.82.52.28 YES IPCP up up

!
controller Cellular 0/2/0
lte sim data-profile 1 attach-profile 1 slot 0
lte modem link-recovery rssi onset-threshold -110
lte modem link-recovery monitor-timer 20
lte modem link-recovery wait-timer 10
lte modem link-recovery debounce-count 6
!

interface Vlan200
ip address 172.26.200.1 255.255.255.0
ip nat inside
ip pim sparse-dense-mode
ip igmp helper-address 10.128.0.1
ip igmp helper-address udl GigabitEthernet0/0/1.2
ip igmp proxy-service
ip tcp adjust-mss 1452
end

!

interface Cellular0/2/0
ip address negotiated
ip nat outside
dialer in-band
dialer idle-timeout 0
dialer-group 1
pulse-time 1
ip virtual-reassembly
!

ip nat inside source list 1 interface Cellular0/2/0 overload

!

ip route 8.8.4.4 255.255.255.255 Cellular0/2/0
ip route 9.9.9.9 255.255.255.255 Cellular0/2/0

dialer-list 1 protocol ip list 1

router#ping 8.8.4.4 source vlan 200
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.4.4, timeout is 2 seconds:
Packet sent with a source address of 172.26.200.1
.....
Success rate is 0 percent (0/5)

router#ping 9.9.9.9 source vlan 200
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 9.9.9.9, timeout is 2 seconds:
Packet sent with a source address of 172.26.200.1
.....
Success rate is 0 percent (0/5)

Information:

https://www.cisco.com/c/en/us/td/docs/routers/access/1100/software/configuration/xe-16-6/cisco_1100_series_swcfg_xe_16_6_x/cisco_1100_series_swcfg_chapter_01011.html#con_1380270

Thanks for helping me to resolve my problem.

Regards!

Georg Pauwen · ‎06-22-2018

Hello,

is this your full configuration ? Where is access list 1 ?

ip nat inside source list 1 interface Cellular0/2/0 overload

--> access-list 1 permit 172.26.200.0 255.255.255.0

Quique · ‎06-22-2018

Hi,

This is part of the configuration. I dont know if you need my entire running-config

Yes, I tried with extendend and standard access-list. The access-list 1 is a typical with permit any.

access-list 1 permit any

Georg Pauwen · ‎06-22-2018

Hello,

permit any

is usually not a good idea.

Try the access list I posted.

access-list 1 permit 172.26.200.0 255.255.255.0

Also, change your dialer-list statement to:

dialer-list 1 protocol ip permit

A default route might help as well:

ip route 0.0.0.0 0.0.0.0 Cellullar0/2/0

Quique · ‎06-22-2018

Hello George,

Thanks for reply me :)

I have just tried to modify my dialer-list with a new access-list and default ip route and still not working.

dialer-list 1 protocol ip list 2

access-list 2 permit 172.26.200.0 0.0.0.255

router#ping 8.8.4.4 source vlan 200
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.4.4, timeout is 2 seconds:
Packet sent with a source address of 172.26.200.1
.....

Also i have tried with others internet host like 8.8.8.8 or 9.9.9.9 and not working yet.

Quique · ‎06-22-2018

Hi Georg,

I attach my entire config.

Regards

Georg Pauwen · ‎06-22-2018

Hello,

I have made some changes to your configuration (important parts marked in bold). I don't know what interface Dialer 6 is being used for, it isn't bound to any physical interface, so I removed it altogether...

Current configuration : 7385 bytes
!
! Last configuration change at 11:58:10 METDST Fri Jun 22 2018 by kike
!
version 16.8
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
platform qfp utilization monitor load 80
no platform punt-keepalive disable-kernel-core
!
hostname VALDECALERAS
!
boot-start-marker
boot system bootflash:c1100-universalk9_ias.16.08.01.SPA.bin
boot-end-marker
!
!
logging buffered 8172
!
aaa new-model
!
aaa authentication login default local
aaa authorization exec default local
aaa authorization network default local
!
aaa session-id common
clock timezone MET 1 0
clock summer-time METDST recurring last Sun Mar 2:00 last Sun Oct 2:00
!
ip multicast-routing distributed
i
ip dhcp excluded-address 172.26.200.1 172.26.200.5
!
ip dhcp pool LAN_INTERNA
network 172.26.200.0 255.255.255.0
default-router 172.26.200.1
dns-server 172.26.200.250
domain-name lab.lasgabias.local
lease 7
!
subscriber templating
!
multilink bundle-name authenticated
!
license udi pid C1111-8PLTEEA sn FGL2216938V
no license smart enable
!
diagnostic bootup level minimal
!
spanning-tree extend system-id
!
redundancy
mode none
!
controller Cellular 0/2/0
lte sim data-profile 1 attach-profile 1 slot 0
lte modem link-recovery rssi onset-threshold -110
lte modem link-recovery monitor-timer 20
lte modem link-recovery wait-timer 10
lte modem link-recovery debounce-count 6
!
vlan internal allocation policy ascending
!
interface GigabitEthernet0/0/0
no ip address
negotiation auto
!
interface GigabitEthernet0/0/1
no ip address
negotiation auto
!
interface GigabitEthernet0/0/1.2
description ## IPTV ##
encapsulation dot1Q 2
ip address 10.134.101.141 255.128.0.0
ip nat outside
ip pim sparse-dense-mode
ip igmp query-interval 15
ip igmp unidirectional-link
!
interface GigabitEthernet0/0/1.3
description ## VOIP ##
encapsulation dot1Q 3
ip address dhcp
ip nat outside
!
interface GigabitEthernet0/0/1.6
description ## FTTH ##
encapsulation dot1Q 6
no cdp enable
pppoe enable group global
pppoe-client dial-pool-number 6
!
interface GigabitEthernet0/1/0
switchport access vlan 200
switchport mode trunk
spanning-tree portfast
!
interface GigabitEthernet0/1/1
switchport access vlan 200
spanning-tree portfast
!
interface GigabitEthernet0/1/2
switchport mode trunk
spanning-tree portfast
!
interface GigabitEthernet0/1/3
switchport access vlan 200
spanning-tree portfast
!
interface GigabitEthernet0/1/4
switchport access vlan 200
spanning-tree portfast
!
interface GigabitEthernet0/1/5
switchport access vlan 200
spanning-tree portfast
!
interface GigabitEthernet0/1/6
switchport access vlan 200
spanning-tree portfast
!
interface GigabitEthernet0/1/7
switchport access vlan 200
spanning-tree portfast
!
interface Cellular0/2/0
ip address negotiated
ip nat outside
dialer in-band
dialer idle-timeout 0
dialer-group 1
pulse-time 1
ip virtual-reassembly
!
interface Cellular0/2/1
no ip address
shutdown
!
interface Vlan1
ip address 172.26.254.1 255.255.255.0
ip nat inside
!
interface Vlan200
ip address 172.26.200.1 255.255.255.0
ip nat inside
ip pim sparse-dense-mode
ip igmp helper-address 10.128.0.1
ip igmp helper-address udl GigabitEthernet0/0/1.2
ip igmp proxy-service
ip tcp adjust-mss 1452
!
router rip
version 2
network 10.0.0.0
!
no ip nat service sip tcp port 5060
no ip nat service sip udp port 5060
ip nat inside source static 172.26.200.245 interface GigabitEthernet0/0/1.2
ip nat inside source list 1 interface Cellular0/2/0 overload
ip nat inside source list 100 interface GigabitEthernet0/0/1.2 overload
!
ip forward-protocol nd
ip pim rp-address 10.128.0.1 2
no ip http server
no ip http authentication local
no ip http secure-server
ip dns server
!
ip route 0.0.0.0 0.0.0.0 Cellular0/2/0
ip route 10.31.255.128 255.255.255.224 GigabitEthernet0/0/1.3 dhcp
!
access-list 1 permit 172.26.0.0 0.0.255.255
access-list 100 deny igmp any any
access-list 100 deny pim any any
access-list 100 permit ip any any
dialer-list 1 protocol ip permit
!
route-map NAT_VOIP permit 1
match ip address 1
match interface GigabitEthernet0/0/1.3
!
route-map NAT_IPTV permit 1
match ip address 100
match interface GigabitEthernet0/0/1.2
!
control-plane
!
line con 0
transport input none
stopbits 1
line vty 0 4
privilege level 15
transport input ssh
!
ntp master
ntp server xxxx
wsma agent exec
!
wsma agent config
!
wsma agent filesys
!
wsma agent notify
!
end

Quique · ‎06-22-2018

Hi Georg

Interface dialer 6 is necesary to create the wan connection. As i said in the post, this router have two connections. The primary link via FTTH and for this, it is necesary the interface dialer6. The secundary link is the 4G interface.

I have just done all that you said and not working yet.

What is curious is the fact that i can do ping through dialer 6 but not for interface cellular taking the source inteface itself

ICMP test primary link (FTTH) with default route via dialer6:

router#ping 8.8.4.4 source dialer 6
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.4.4, timeout is 2 seconds:
Packet sent with a source address of 83.39.210.xxx
!!!!!

ICMP 4G link (cellular) with default route via Cellular:

router#ping 8.8.4.4 source cellular 0/2/0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.4.4, timeout is 2 seconds:
Packet sent with a source address of 176.82.52.28
.....
Success rate is 0 percent (0/5)

router#show cellular 0/2/0 connection
Profile 1, Packet Session Status = ACTIVE
        Cellular0/2/0:
        Data Packets Transmitted = 2522 , Received = 625
        Data Transmitted = 175049 bytes, Received = 36955 bytes
        IP address = 176.82.52.28
        Primary DNS address = 80.58.61.250
        Secondary DNS address = 80.58.61.254

Georg Pauwen · ‎06-22-2018

Hello,

can you ping 8.8.8.8 with source interface Vlan 1 or Vlan 200 ? Try that and check the NAT translation table...

Quique · ‎06-22-2018

Hi,

I post all that you ask me.

ping 9.9.9.9 source vlan 200 | source vlan 1

router#show ip nat translations | include 9.9.9.9

Pro Inside global         Inside local          Outside local         Outside global
icmp 10.134.101.141:57     172.26.200.1:57       9.9.9.9:57            9.9.9.9:57
icmp 10.134.101.141:56     172.26.254.1:56       9.9.9.9:56            9.9.9.9:56
icmp 10.134.101.141:55     172.26.254.1:55       9.9.9.9:55            9.9.9.9:55

ping 9.9.9.9 source vlan 200

router#show ip nat translations | include 8.8.4.4

Pro Inside global Inside local Outside local Outside global

icmp 10.134.101.141:57 172.26.200.1:57 9.9.9.9:57 9.9.9.9:57

I dont understand why the router takes as "Inside Global" the IP 10.134.101.141. This IP is my wan for IPTV. Look like a bug :S

Georg Pauwen · ‎06-22-2018

Hello,

--> ip nat inside source list 100 interface GigabitEthernet0/0/1.2 overload

Your access list 100 allows all traffic:

access-list 100 deny igmp any any
access-list 100 deny pim any any
access-list 100 permit ip any any

Which traffic do you want to NAT through that interface ?

It might be useful to post a schematic drawing of your network, in order to visualize all connections...

AndreasHoff · ‎11-06-2020

Hello, I`m new here and need your help.

i com from germany and i live in the country. herethere is not DSL, only LTE. I got an ISR1100 (C1113-8plteea-K9 because it can du up to 250 Mbot ( LTE Max). I tried to configoure the router but unfortunately it failed. I urgently need a step by step confoguration tutorial with examples. Many, many thanks for your help.

Georg Pauwen · ‎11-07-2020

Hello,

below is a sample configuration, have a look at that and see if you can get your network to come online. If you can't, post the full running configuration of you 1113 router, so we can fill in the bits and pieces. At the bottom, there is a link to the entre 4G LTE configuration guide.

Router# show running-config
Building configuration...
Current configuration : 2991 bytes
!
! Last configuration change at 21:31:48 UTC Mon May 18 2015
!
version 15.5
service timestamps debug datetime msec
service timestamps log datetime msec
service internal
no platform punt-keepalive disable-kernel-core
platform shell
!
hostname C1113-LTEEA
!
boot-start-marker
!
logging buffered 10000000
no logging console
enable password lab
!
no aaa new-model
!
subscriber templating
!
multilink bundle-name authenticated
icense udi pid ISR4321/K9 sn FDO181701PZ
!
spanning-tree extend system-id
!
ip dhcp excluded-address 192.168.1.1
!
ip nat pool LAN
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 8.8.8.8 8.8.4.4
!
redundancy
mode none
!
controller Cellular 0/2/0
lte sim data-profile 16 attach-profile 16
lte gps mode standalone
lte gps nmea
lte modem link-recovery disable
!
interface Cellular0/2/0
ip address negotiated
ip nat outside
dialer in-band
dialer idle-timeout 0
dialer watch-group 1
dialer-group 1
pulse-time 1
!
interface Cellular0/2/1
no ip address
shutdown
dialer in-band
pulse-time 1
!
interface Vlan1
ip address 192.168.1.1 255.255.255.0
ip nat inside
!
no ip nat service dns tcp
no ip nat service dns udp
!
ip nat inside source list 1 interface Cellular0/2/0 overload
!
ip forward-protocol nd
ip http server
no ip http secure-server
ip http max-connections 16
ip route 0.0.0.0 0.0.0.0 Cellular0/2/0
!
access-list 1 permit 192.168.1.0 0.0.0.255
dialer watch-list 1 ip 8.8.8.8 255.255.255.255
dialer-list 1 protocol ip permit
!
snmp-server community public RO
snmp-server community private RW
snmp-server community lab RW
snmp-server host x.x.x.x public
snmp-server manager
control-plane
!
line con 0
exec-timeout 0 0
stopbits 1
line aux 0
exec-timeout 0 0
stopbits 1
line vty 0 4
login
transport input all
!
end

https://www.cisco.com/c/en/us/td/docs/routers/access/1100/software/configuration/xe-16-7/cisco_1100_series_swcfg_xe_16_7_x/cisco_1100_series_swcfg_chapter_01011.html

AndreasHoff · ‎11-07-2020

Hallo dis is my startup-config

I hope that you can help me.

Thank you.

Using 2756 out of 33554432 bytes
!
! Last configuration change at 21:14:15 UTC Sat Nov 7 2020
! NVRAM config last updated at 21:25:48 UTC Sat Nov 7 2020
!
version 16.9
service timestamps debug datetime msec
service timestamps log datetime msec
platform qfp utilization monitor load 80
no platform punt-keepalive disable-kernel-core
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
!
!
!
!
!
!
!
!
!
login on-success log
!
!
!
!
!
!
!
subscriber templating
!
!
!
!
multilink bundle-name authenticated
!
!
!
!
crypto pki trustpoint TP-self-signed-3049539297
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3049539297
revocation-check none
rsakeypair TP-self-signed-3049539297
!
!
crypto pki certificate chain TP-self-signed-3049539297
certificate self-signed 01 nvram:IOS-Self-Sig#2.cer
!
license udi pid C1113-8PLTEEA sn FGL233413S6
license boot level appxk9
no license smart enable
!
diagnostic bootup level minimal
!
spanning-tree extend system-id
!
!
!
redundancy
mode none
!
controller Cellular 0/2/0
lte sim data-profile 2 attach-profile 2 slot 0
lte sim data-profile 2 attach-profile 2 slot 1
lte sim primary slot 1
lte modem link-recovery rssi onset-threshold -110
lte modem link-recovery monitor-timer 20
lte modem link-recovery wait-timer 10
lte modem link-recovery debounce-count 6
!
controller VDSL 0/3/0
!
!
vlan internal allocation policy ascending
!
!
!
!
!
!
!
!
!
interface GigabitEthernet0/0/0
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet0/1/0
!
interface GigabitEthernet0/1/1
!
interface GigabitEthernet0/1/2
!
interface GigabitEthernet0/1/3
!
interface GigabitEthernet0/1/4
!
interface GigabitEthernet0/1/5
!
interface GigabitEthernet0/1/6
!
interface GigabitEthernet0/1/7
!
interface Cellular0/2/0
ip address negotiated
ip nat outside
dialer in-band
dialer-group 2
ipv6 enable
pulse-time 1
ip virtual-reassembly
!
interface Cellular0/2/1
no ip address
shutdown
!
interface ATM0/3/0
no ip address
shutdown
atm oversubscribe factor 2
no atm enable-ilmi-trap
!
interface Ethernet0/3/0
no ip address
shutdown
no negotiation auto
!
interface Vlan1
ip address 192.168.1.1 255.255.255.0
ip nat inside
!
ip nat inside source list NAT interface Cellular0/2/0 overload
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip route 0.0.0.0 0.0.0.0 Cellular0/2/0
ip route 192.168.1.0 255.255.255.0 Cellular0/2/0
ip route 192.168.1.254 255.255.255.255 Cellular0/2/0
!
!
ip access-list extended NAT
permit ip 192.186.1.0 0.0.0.255 any
!
access-list 2 permit any
dialer-list 1 protocol ip permit
dialer-list 2 protocol ip list 2
!
!
!
!
control-plane
!
!
line con 0
transport input none
stopbits 1
line vty 0 4
login
!
!
!
!
!
!
end

Router#

Georg Pauwen · ‎11-08-2020

Hello,

make the changes marked in bold. There was one crucial mistake in your config, a typo in the NAT access list, with that, nothing would work:

ip access-list extended NAT
--> permit ip 192.186.1.0 0.0.0.255 any This needs to be 192.168.1.0 0.0.0.255 any
!

Using 2756 out of 33554432 bytes
!
! Last configuration change at 21:14:15 UTC Sat Nov 7 2020
! NVRAM config last updated at 21:25:48 UTC Sat Nov 7 2020
!
version 16.9
service timestamps debug datetime msec
service timestamps log datetime msec
platform qfp utilization monitor load 80
no platform punt-keepalive disable-kernel-core
!
hostname Router
!
boot-start-marker
boot-end-marker
!
no aaa new-model
!
login on-success log
!
subscriber templating
!
multilink bundle-name authenticated
!
crypto pki trustpoint TP-self-signed-3049539297
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3049539297
revocation-check none
rsakeypair TP-self-signed-3049539297
!
crypto pki certificate chain TP-self-signed-3049539297
certificate self-signed 01 nvram:IOS-Self-Sig#2.cer
!
license udi pid C1113-8PLTEEA sn FGL233413S6
license boot level appxk9
no license smart enable
!
diagnostic bootup level minimal
!
spanning-tree extend system-id
!
redundancy
mode none
!
controller Cellular 0/2/0
lte sim data-profile 2 attach-profile 2 slot 0
lte sim data-profile 2 attach-profile 2 slot 1
lte sim primary slot 1
lte modem link-recovery rssi onset-threshold -110
lte modem link-recovery monitor-timer 20
lte modem link-recovery wait-timer 10
lte modem link-recovery debounce-count 6
!
controller VDSL 0/3/0
!
vlan internal allocation policy ascending
!
interface GigabitEthernet0/0/0
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet0/1/0
!
interface GigabitEthernet0/1/1
!
interface GigabitEthernet0/1/2
!
interface GigabitEthernet0/1/3
!
interface GigabitEthernet0/1/4
!
interface GigabitEthernet0/1/5
!
interface GigabitEthernet0/1/6
!
interface GigabitEthernet0/1/7
!
interface Cellular0/2/0
ip address negotiated
ip nat outside
dialer in-band
--> dialer-group 1
ipv6 enable
pulse-time 1
ip virtual-reassembly
!
interface Cellular0/2/1
no ip address
shutdown
!
interface ATM0/3/0
no ip address
shutdown
atm oversubscribe factor 2
no atm enable-ilmi-trap
!
interface Ethernet0/3/0
no ip address
shutdown
no negotiation auto
!
interface Vlan1
ip address 192.168.1.1 255.255.255.0
ip nat inside
!
ip nat inside source list NAT interface Cellular0/2/0 overload
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip route 0.0.0.0 0.0.0.0 Cellular0/2/0
--> no ip route 192.168.1.0 255.255.255.0 Cellular0/2/0
--> no ip route 192.168.1.254 255.255.255.255 Cellular0/2/0
!
ip access-list extended NAT
--> permit ip 192.168.1.0 0.0.0.255 any
!
--> no access-list 2 permit any
dialer-list 1 protocol ip permit
--> no dialer-list 2 protocol ip list 2
!
control-plane
!
line con 0
transport input none
stopbits 1
line vty 0 4
login
!
end