Solved: Re: Cellular Data Profile is stuck on INACTIVE on Cisco ISR 4221 - Page 2

Dunner1991 · ‎05-13-2020

We have recently decided to create an OOB management solution using a 4g SIM with Public IP

However we ran into issues where Public IP was not pingable and we could not ping the internet.

After a reboot the Public IP is reachable but now the LTE profile is in INACTIVE stateCellular Profile InactiveCellular Profile InactiveAPN

I have recreated the profile and re-attached it to the slot the IM is in (SLOT 0) but there is no change.

Does anyone have any ideas?

Dunner1991 · ‎05-13-2020

Hi @Georg Pauwen

I deleted the profile 2 with the following comands

no lte sim data-profile 2 attach-profile 2 slot 0

no profile id 2 apn JTFIXEDPUBLIC authentication none pdn-type ipv4

This was the output after deletion

dub1-00-oob-wgw1#show cellular 0/1/0 profile

Profile password Encryption level = 7

Profile 1 = INACTIVE* **

--------

PDP Type = IPv4

Access Point Name (APN) = XXXXXXXXX

Authentication = None

* - Default profile

** - LTE attach profile

Configured default profile for active SIM 0 is profile 1.

I then re-added the profile

lte sim data-profile 2 attach-profile 2 slot 0

profile id 2 apn JTFIXEDPUBLIC authentication none pdn-type ipv4

This is the output after profile 2 was recreated:

dub1-00-oob-wgw1#show cellular 0/1/0 profile 2

Profile password Encryption level = 7

Profile 2 = INACTIVE* **

--------

PDP Type = IPv4

Access Point Name (APN) = JTFIXEDPUBLIC

Authentication = None

* - Default profile

** - LTE attach profile

dub1-00-oob-wgw1#show cellular 0/1/0 profile

Profile password Encryption level = 7

Profile 1 = INACTIVE

--------

PDP Type = IPv4

Access Point Name (APN) = XXXXXXXXXXXX

Authentication = None

Profile 2 = INACTIVE* **

--------

PDP Type = IPv4

Access Point Name (APN) = JTFIXEDPUBLIC

Authentication = None

* - Default profile

** - LTE attach profile

Configured default profile for active SIM 0 is profile 2.

Georg Pauwen · ‎05-13-2020

Hello,

just to be sure the signal is strong enough, issue the command:

show cellular 0/1/0 all

and check for the section 'Radio Information' and a line similar to the one below:

Current RSSI = -125 dBm

What is the RSSI value ? Anything lower than 125 could mean either no antenna, or bad antenna or out of network.

Georg Pauwen · ‎05-13-2020

Hello,

try and put 'enacpsulation ppp' on the cellular interface:

interface Cellular0/1/0
bandwidth 2000000
ip unnumbered Loopback1

--> encapsulation ppp
ip nat outside
dialer in-band
dialer idle-timeout 0
dialer-group 1
pulse-time 1

Dunner1991 · ‎05-13-2020

HI @Georg Pauwen

This is the output from

show cellular 0/1/0 all | in RSSI

dub1-00-oob-wgw1#show cellular 0/1/0 all | in RSSI
Current RSSI = -52 dBm

So with this reading from the device, I am to assume that the network is not strong enough?

Georg Pauwen · ‎05-13-2020

Hello,

that value (-52) is within the acceptable range...

Dunner1991 · ‎05-13-2020

Hi @Georg Pauwen

Thank you for clarifying.

Also i have added the following to my config as per your suggestions i.e.

chat-script lte "" "AT!CALL" TIMEOUT 60 "OK"

ip nat outside under the loopback 1 interface

encapsulation ppp was added under interface cellular 0/1/0 but does not show

dub1-00-oob-wgw1#show run int cellular 0/1/0
Building configuration...

Current configuration : 160 bytes
!
interface Cellular0/1/0
bandwidth 2000000
ip unnumbered Loopback1
ip nat outside
dialer in-band
dialer idle-timeout 0
dialer-group 1
pulse-time 1
end

But the profile 2 will not become Active and as a result I can't ping to the internet

Thanks,

Mark

Georg Pauwen · ‎05-13-2020

Hello,

try a dialer in combination with the cellular interface. The configuration would look like below (important parts marked in bold):

!
! Last configuration change at 10:52:50 UTC Wed May 13 2020 by net_admin
!
version 16.11
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
service call-home
platform qfp utilization monitor load 80
no platform punt-keepalive disable-kernel-core
!
hostname dub1-00-oob-wgw1
!
boot-start-marker
boot system flash bootflash:isr4200-universalk9_ias.16.11.01a.SPA.bin
boot-end-marker
!
enable secret XXXXXXXXXXXXX
enable password XXXXXXXXXXXXX
!
no aaa new-model
call-home
! If contact email address in call-home is configured as sch-smart-licensing@cisco.com
! the email address configured in Cisco Smart License Portal will be used as contact email address to send SCH notifications.
contact-email-addr sch-smart-licensing@cisco.com
profile "CiscoTAC-1"
active
destination transport-method http
no destination transport-method email
!
ip domain name cubictelecom.com
!
login on-success log
!
subscriber templating
multilink bundle-name authenticated
!
crypto pki trustpoint SLA-TrustPoint
enrollment terminal
revocation-check crl
!
crypto pki trustpoint TP-self-signed-691021271
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-691021271
revocation-check none
rsakeypair TP-self-signed-691021271
!
crypto pki certificate chain SLA-TrustPoint
certificate ca 01
XXXXXXXXXXXXXXXXXXXXX
!
license udi pid ISR4221/K9 sn XXXXXXX
license smart url default
license smart transport smart
license smart privacy hostname
license smart privacy version
diagnostic bootup level minimal
!
spanning-tree extend system-id
memory free low-watermark processor 75394
!
username xxxxxxxxxxxxxx
!
redundancy
mode none
!
controller Cellular 0/1/0
lte sim data-profile 2 attach-profile 2 slot 0
lte modem dm-log rotation
lte modem link-recovery monitor-timer 30
lte modem link-recovery wait-timer 30
lte modem link-recovery debounce-count 20
profile id 2 apn JTFIXEDPUBLIC authentication none pdn-type ipv4
!
interface Loopback0
ip address x.x.x.x for OOB
ip nat inside
!
interface Loopback1
ip address X.X.X.X - Public IP assigned by telecom
--> ip nat outside
!
interface GigabitEthernet0/0/0
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet0/0/1
ip address x.x.x.x - MGMT
ip nat inside
negotiation auto
!
interface Cellular0/1/0
bandwidth 2000000
--> no ip address
--> encapsulation ppp
--> ip nat outside
--> dialer in-band
--> dialer pool-member 1
--> dialer idle-timeout 0
--> dialer-group 1
--> pulse-time 1
!
interface Cellular0/1/1
no ip address
shutdown
!
interface Async0/2/0
no ip address
async mode interactive
!
interface Async0/2/1
no ip address
async mode interactive
!
interface Async0/2/2
no ip address
async mode interactive
!
interface Async0/2/3
no ip address
async mode interactive
!
interface Async0/2/4
no ip address
async mode interactive
!
interface Async0/2/5
no ip address
async mode interactive
!
interface Async0/2/6
no ip address
async mode interactive
!
interface Async0/2/7
no ip address
async mode interactive
!
interface Async0/2/8
no ip address
async mode interactive
!
interface Async0/2/9
no ip address
async mode interactive
!
interface Async0/2/10
no ip address
async mode interactive
!
interface Async0/2/11
no ip address
async mode interactive
!
interface Async0/2/12
no ip address
async mode interactive
!
interface Async0/2/13
no ip address
async mode interactive
!
interface Async0/2/14
no ip address
async mode interactive
!
interface Async0/2/15
no ip address
async mode interactive
!
--> interface Dialer1
--> ip address x.x.x.x
--> ip nat outside
--> ip virtual-reassembly
--> encapsulation ppp
--> dialer pool 1
--> dialer idle-timeout 0
--> dialer-group 1
!
no cdp enable
ip forward-protocol nd
no ip http server
ip http secure-server
--> ip nat inside source list 2 interface Dialer 1 overload
--> ip route 0.0.0.0 0.0.0.0 Dialer 1
ip route x.x.x.x 255.255.255.0 .x.x.x.x - VPN
ip route x.x.x.x 255.255.255.0 x.x.x.x - MGMT
ip route x.x.x.x 255.255.255.0 x.x.x.x - VPN2
ip route x.x.x.x 255.255.255.0 x.x.x.x
!
ip access-list standard 1
permit any
ip access-list standard 2
permit any
dialer-list 1 protocol ip permit
!
tacacs-server host x.x.x.x
tacacs-server directed-request
tacacs-server key 7 xxxxxxxxxxxxxxxxxxxxxxxx
!
control-plane
!
line con 0
login local
transport input none
stopbits 1
line aux 0
stopbits 1
line XXX XXXX
login local
no exec
transport input all
stopbits 1
line vty 0 4
exec-timeout 30 0
login local
transport input ssh
transport output ssh
!
end

Dunner1991 · ‎05-13-2020

Hi @Georg Pauwen

I added the additional configuration and have pasted my running config below, however there we some issues which i have highlighted below

dub1-00-oob-wgw1#show run
Building configuration...

Current configuration : 8638 bytes
!
! Last configuration change at 19:32:36 UTC Wed May 13 2020 by net_admin
!
version 16.11
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
service call-home
platform qfp utilization monitor load 80
no platform punt-keepalive disable-kernel-core
!
hostname dub1-00-oob-wgw1
!
boot-start-marker
boot system flash bootflash:isr4200-universalk9_ias.16.11.01a.SPA.bin
boot-end-marker
!
!
enable secret XXXXXXXXXXXXX
enable password XXXXXXXXXXX
!
no aaa new-model
call-home
! If contact email address in call-home is configured as sch-smart-licensing@cisco.com
! the email address configured in Cisco Smart License Portal will be used as contact email address to send SCH notifications.
contact-email-addr sch-smart-licensing@cisco.com
profile "CiscoTAC-1"
active
destination transport-method http
no destination transport-method email
!
ip domain name XXXXXXX
!
!
!
login on-success log
!
!
!
!
!
!
!
subscriber templating
multilink bundle-name authenticated
!
chat-script lte "" "AT!CALL" TIMEOUT 60 "OK"
!
!
crypto pki trustpoint SLA-TrustPoint
enrollment terminal
revocation-check crl
!
crypto pki trustpoint TP-self-signed-691021271
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-691021271
revocation-check none
rsakeypair TP-self-signed-691021271
!
!
crypto pki certificate chain SLA-TrustPoint

crypto pki certificate chain TP-self-signed-691021271

!
license udi pid ISR4221/K9 sn XXXXXXXX
license smart url default
license smart transport smart
license smart privacy hostname
license smart privacy version
diagnostic bootup level minimal
!
spanning-tree extend system-id
memory free low-watermark processor 75394
!
!
!
usernameXXXXXXXXXX privilege 15 XXXXXXXXXXXXX
!
redundancy
mode none
!
controller Cellular 0/1/0
lte sim data-profile 2 attach-profile 2 slot 0
lte modem dm-log rotation
lte modem link-recovery monitor-timer 30
lte modem link-recovery wait-timer 30
lte modem link-recovery debounce-count 20
profile id 2 apn JTFIXEDPUBLIC authentication none pdn-type ipv4
!
!
!
!
!
!
!
!
interface Loopback0
ip address x.x.x.x - oob
ip nat inside
!
interface Loopback1
ip address Public Ip assigned by MNO /32
ip nat outside
!
interface GigabitEthernet0/0/0
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet0/0/1
ip address X.X.X.X - MGMT A
ip nat inside
negotiation auto
!
interface Cellular0/1/0
bandwidth 2000000
no ip address
dialer in-band
dialer idle-timeout 0
dialer-group 1
pulse-time 1

***************when i try to add dialer pool-member 1 i get the below error

ub1-00-oob-wgw1(config-if)#dialer pool-member 1
%Remove Legacy DDR Configuration first

encapsualtion ppp doesn't show either
*****************************************************************************
!
interface Cellular0/1/1
no ip address
shutdown
!
interface Async0/2/0
no ip address
async mode interactive
!
interface Async0/2/1
no ip address
async mode interactive
!
interface Async0/2/2
no ip address
async mode interactive
!
interface Async0/2/3
no ip address
async mode interactive
!
interface Async0/2/4
no ip address
async mode interactive
!
interface Async0/2/5
no ip address
async mode interactive
!
interface Async0/2/6
no ip address
async mode interactive
!
interface Async0/2/7
no ip address
async mode interactive
!
interface Async0/2/8
no ip address
async mode interactive
!
interface Async0/2/9
no ip address
async mode interactive
!
interface Async0/2/10
no ip address
async mode interactive
!
interface Async0/2/11
no ip address
async mode interactive
!
interface Async0/2/12
no ip address
async mode interactive
!
interface Async0/2/13
no ip address
async mode interactive
!
interface Async0/2/14
no ip address
async mode interactive
!
interface Async0/2/15
no ip address
async mode interactive
!
interface Dialer1
ip unnumbered Loopback1 -- had to use this as it would not let me directly assign a /32
ip nat outside
encapsulation ppp
dialer pool 1
dialer idle-timeout 0
dialer-group 1
ip virtual-reassembly
!
ip forward-protocol nd
no ip http server
ip http secure-server
ip nat inside source list 2 interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 Dialer1
ip route X.X.X.X 255.255.255.0 XXXXX - VPN
ip route X.X.X.X 255.255.255.0 XXXXX - MGMT
ip route X.X.X.X 255.255.255.0 XXXXXXX - VON
ip route X.X.X.X 255.255.255.0 XXXXXX - VPN
!
!
!
ip access-list standard 1
permit any
ip access-list standard 2
permit any
dialer-list 1 protocol ip permit
!
!
tacacs-server host XXXXX
tacacs-server XXXXXX
tacacs-server XXXXXXXXXXXXXXXX
!
!
control-plane
!
!
line con 0
login local
transport input none
stopbits 1
line aux 0
stopbits 1
line 0/2/0 0/2/15
login local
no exec
transport input all
stopbits 1
line vty 0 4
exec-timeout 30 0
login local
transport input ssh
transport output ssh
!
!
!
!
!
!
end

Georg Pauwen · ‎05-14-2020

Hello,

can you try the simplified configuration below (important parts marked in bold) without the Loopback and the IP address being negotiated with SLIP ?

Last configuration change at 19:32:36 UTC Wed May 13 2020 by net_admin
!
version 16.11
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
service call-home
platform qfp utilization monitor load 80
no platform punt-keepalive disable-kernel-core
!
hostname dub1-00-oob-wgw1
!
boot-start-marker
boot system flash bootflash:isr4200-universalk9_ias.16.11.01a.SPA.bin
boot-end-marker
!
!
enable secret XXXXXXXXXXXXX
enable password XXXXXXXXXXX
!
no aaa new-model
call-home
! If contact email address in call-home is configured as sch-smart-licensing@cisco.com
! the email address configured in Cisco Smart License Portal will be used as contact email address to send SCH notifications.
contact-email-addr sch-smart-licensing@cisco.com
profile "CiscoTAC-1"
active
destination transport-method http
no destination transport-method email
!
ip domain name XXXXXXX
!
login on-success log
!
subscriber templating
multilink bundle-name authenticated
!
chat-script lte "" "AT!CALL" TIMEOUT 60 "OK"
!
crypto pki trustpoint SLA-TrustPoint
enrollment terminal
revocation-check crl
!
crypto pki trustpoint TP-self-signed-691021271
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-691021271
revocation-check none
rsakeypair TP-self-signed-691021271
!
crypto pki certificate chain SLA-TrustPoint

crypto pki certificate chain TP-self-signed-691021271

!
license udi pid ISR4221/K9 sn XXXXXXXX
license smart url default
license smart transport smart
license smart privacy hostname
license smart privacy version
diagnostic bootup level minimal
!
spanning-tree extend system-id
memory free low-watermark processor 75394
!
usernameXXXXXXXXXX privilege 15 XXXXXXXXXXXXX
!
redundancy
mode none
!
controller Cellular 0/1/0
lte sim data-profile 2 attach-profile 2 slot 0
lte modem dm-log rotation
lte modem link-recovery monitor-timer 30
lte modem link-recovery wait-timer 30
lte modem link-recovery debounce-count 20
profile id 2 apn JTFIXEDPUBLIC authentication none pdn-type ipv4
!
interface Loopback0
ip address x.x.x.x - oob
ip nat inside
!
interface Loopback1
ip address Public Ip assigned by MNO /32
ip nat outside
!
interface GigabitEthernet0/0/0
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet0/0/1
ip address X.X.X.X - MGMT A
ip nat inside
negotiation auto
!
interface Cellular0/1/0
bandwidth 2000000
ip address negotiated
encapsulation slip
load-interval 30
dialer in-band
dialer idle-timeout 0
dialer-group 1
pulse-time 1
!
interface Cellular0/1/1
no ip address
shutdown
!
interface Async0/2/0
no ip address
async mode interactive
!
interface Async0/2/1
no ip address
async mode interactive
!
interface Async0/2/2
no ip address
async mode interactive
!
interface Async0/2/3
no ip address
async mode interactive
!
interface Async0/2/4
no ip address
async mode interactive
!
interface Async0/2/5
no ip address
async mode interactive
!
interface Async0/2/6
no ip address
async mode interactive
!
interface Async0/2/7
no ip address
async mode interactive
!
interface Async0/2/8
no ip address
async mode interactive
!
interface Async0/2/9
no ip address
async mode interactive
!
interface Async0/2/10
no ip address
async mode interactive
!
interface Async0/2/11
no ip address
async mode interactive
!
interface Async0/2/12
no ip address
async mode interactive
!
interface Async0/2/13
no ip address
async mode interactive
!
interface Async0/2/14
no ip address
async mode interactive
!
interface Async0/2/15
no ip address
async mode interactive
!
ip forward-protocol nd
no ip http server
ip http secure-server
--> ip nat inside source list 2 interface Cellular 0/1/0 overload
--> ip route 0.0.0.0 0.0.0.0 Cellular 0/1/0
ip route X.X.X.X 255.255.255.0 XXXXX - VPN
ip route X.X.X.X 255.255.255.0 XXXXX - MGMT
ip route X.X.X.X 255.255.255.0 XXXXXXX - VON
ip route X.X.X.X 255.255.255.0 XXXXXX - VPN
!
ip access-list standard 1
permit any
ip access-list standard 2
permit any
dialer-list 1 protocol ip permit
!
tacacs-server host XXXXX
tacacs-server XXXXXX
tacacs-server XXXXXXXXXXXXXXXX
!
control-plane
!
line con 0
login local
transport input none
stopbits 1
line aux 0
stopbits 1
line 0/2/0 0/2/15
login local
no exec
transport input all
stopbits 1
line vty 0 4
exec-timeout 30 0
login local
transport input ssh
transport output ssh
!
end

Dunner1991 · ‎05-14-2020

HI @Georg Pauwen

Under the cellular 0/1/0 it does not allow me to use encapsulation slip

i get the following options

arpa Standard Ethernet version 2.0
atm-dxi ATM-DXI encapsulation
frame-relay Frame Relay networks
hdlc Serial HDLC synchronous
lapb LAPB (X.25 Level 2)
ppp Point-to-Point protocol
smds Switched Megabit Data Service (SMDS)
x25 X.25

Dunner1991 · ‎05-14-2020

Hi @Georg Pauwen

Adding the ip address negotiated has brought the profile up.

The original Idea was to have the interface set to a static /32 but I see now that this won't work.

I will review again with MNO.

I would just like to say thank you very much for all your help over the last 2 days

Georg Pauwen · ‎05-14-2020

Hello,

glad that you got it resolved. To be honest, up until now I had not yet seen a setup where a loopback with a fixed IP address is being used for a cellular interface. Would be interesting to know if that is indeed what the ISP wanted you to do...

Dunner1991 · ‎05-18-2020

HI @Georg Pauwen

The ISP got back and basically said that they hand out their Static /32 addresses via static DHCP assignment

The loopback IP was just a method I had seen on another community discussion thread, in a case where a /32 address could not be configured on a physical interface. Just a workaround

Thanks,

Markl

Georg Pauwen · ‎05-18-2020

Hello,

good information, thanks for the update !