Auto-failover to cellular: modem / framed-route problem

Johh_Dow
Beginner

Situation:

I'm upgrading a part of our network. They are sites connected by radio links.

We also provide them with cellular (4G) connections for backup when the radio links go down or are being worked on. Sites use a mix of 897, 829 and 1113 model routers with built-in cellular modems.

With the current design, it's a manual swap to 4G as we're doing layer 2 over the links and static routing from the cores to the sites.

I'm moving the sites to layer 3 with OSPF. With dynamic routing in place, I can finally do auto-failover to cellular.

We use ISE and our cellular APN connects the router into our IP MPLS network (provided by our service provider). ISE hands a framed-route (e.g. 10.10.0.0/16) from the Identity setup.

Problem:

Even with the cellular interface shutdown (or not currently dialed?), the routers still have some form of cellular connection as they have authenticated with ISE and the framed-route has been pushed into our network. Not a problem for our sites that only have cellular, but for sites with another primary connection this is a problem because it messes with routing.

E.g.: we'll have the 10.10.0.0/16 framed-route via the cellular and the same network available via OSPF over the radio link. The OSPF radio link will have the much lower metric, so internally we'll prefer the OSPF routes, but our service provider will prefer the framed-route, which breaks internet traffic for the site.

Right now we power off the lte radio under the Controller configuration which is the only thing I've found which kills the framed-routes:

Controller Cellular 0
 lte radio off

So with all that info, I figured a way to do auto-failover using IP SLAs and an EEM script which forces the cellular interface to shutdown AND the lte radio off... and then the reverse to bring the controller and interface back online when the IP SLA starts timing out because the radio links are down.

But I'd prefer the much simpler method of using dialer watch-list. Testing it, it works well (dialing when a route provided by OSPF goes missing), however I run into the framed-route issue.

dialer watch-list 1 ip 10.253.253.8 255.255.255.248
dialer watch-list 1 delay route-check initial 300
dialer watch-list 1 delay disconnect 60

Along with the above dialer-watch config, this is my current interface and controller configuration on my test bench:

controller Cellular 0/2/0
 profile id 1 apn <hidden> authentication chap username <hidden> password <hidden> pdn-type ipv4
!
interface Cellular0/2/0
 ip address negotiated
 ip tcp adjust-mss 1318
 shutdown
 dialer in-band
 dialer watch-group 1
 ipv6 enable
 pulse-time 1

Why do these routers seem to authenticate with ISE even with the Cellular interface shutdown? Has anyone come across this issue? I can't find much in my Google searches or Cisco documentation.

Thanks for any assistance provided.

Accepted Solutions

Johh_Dow
Beginner

I figured it out - I got my hands on a managed router from our local ISP that was doing 4G failover and copied their method, which in testing in my lab and in production has worked perfectly. It involves creating a dummy cellular profile for profile 1. You then create your real profile 2. You then use certain lte sim commands under the cellular controller configuration. I'm not really sure why it works to be honest, but here's what my config looks like now:

cellular 0 lte profile create 1 auto-failover none
cellular 0 lte profile create 2 <apn> chap <username> <password> ipv4
!
controller Cellular 0
 lte sim data-profile 2 attach-profile 1 slot 0
 lte sim data-profile 2 attach-profile 1 slot 1
!
dialer watch-list 1 ip 10.1.1.0 255.255.255.0
dialer watch-list 1 delay route-check initial 240
dialer watch-list 1 delay disconnect 10
!
interface Cellular0
 ip address negotiated
 ip flow ingress
 encapsulation slip
 dialer in-band
 dialer string lte
 dialer watch-group 1
 async mode interactive
!
ip route 0.0.0.0 0.0.0.0 Cellular0 250

Similar config has worked across multiple routers - 829, 897 and 113.
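
An added example, not part of the original post and not Cisco tooling: a Python check that a saved running-config contains the pieces of the pattern in the accepted answer (separate data and attach profiles, a watch-group under the cellular interface with a matching watch-list, and a default route via cellular whose distance is above OSPF's 110). The function name and the sample config string are assumptions, built from lines quoted in the thread.

```python
import re

OSPF_AD = 110  # default administrative distance of OSPF routes on IOS

def audit_cellular_failover(config):
    """Return findings for one config; an empty list means the pattern is complete."""
    watch_lists, watch_groups, sims, routes, section = set(), {}, [], [], ""
    for raw in config.splitlines():
        line = raw.strip().lower()
        if line in ("", "!"):
            section = ""  # '!' closes the current config section
        elif line.startswith(("interface ", "controller ")):
            section = line
        elif m := re.match(r"dialer watch-list (\d+) ip \S+ \S+$", line):
            watch_lists.add(m.group(1))
        elif m := re.match(r"dialer watch-group (\d+)$", line):
            watch_groups[m.group(1)] = section
        elif m := re.match(r"lte sim data-profile (\d+) attach-profile (\d+)", line):
            sims.append(m.groups())
        elif m := re.match(r"ip route 0\.0\.0\.0 0\.0\.0\.0 (cellular\S+)(?: (\d+))?$", line):
            routes.append((m.group(1), int(m.group(2) or 1)))  # static routes default to 1
    findings = []
    if not watch_groups:
        findings.append("no dialer watch-group configured")
    for group, where in watch_groups.items():
        if not where.startswith("interface cellular"):
            findings.append(f"watch-group {group} is not under a cellular interface")
        if group not in watch_lists:
            findings.append(f"watch-group {group} has no matching dialer watch-list")
    if not sims:
        findings.append("no 'lte sim data-profile N attach-profile M' line")
    findings += [f"data and attach profile are both {d}" for d, a in sims if d == a]
    if not routes:
        findings.append("no default route via the cellular interface")
    findings += [f"default route via {i} has distance {d}, not above OSPF's {OSPF_AD}"
                 for i, d in routes if d <= OSPF_AD]
    return findings

# Constructed sample input, assembled from configuration lines quoted in the thread.
SOLUTION_CONFIG = """controller Cellular 0
 lte sim data-profile 2 attach-profile 1 slot 0
!
dialer watch-list 1 ip 10.1.1.0 255.255.255.0
!
interface Cellular0
 dialer watch-group 1
!
ip route 0.0.0.0 0.0.0.0 Cellular0 250
"""
print(audit_cellular_failover(SOLUTION_CONFIG) or "pattern complete")
```

Run it over each site router's saved config after rollout; any non-empty result names the piece of the pattern that is missing or inconsistent on that router.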
