05-13-2020 02:56 AM
We have recently decided to create an OOB management solution using a 4g SIM with Public IP
However we ran into issues where Public IP was not pingable and we could not ping the internet.
After a reboot the Public IP is reachable but now the LTE profile is in INACTIVE stateCellular Profile InactiveCellular Profile InactiveAPN
I have recreated the profile and re-attached it to the slot the IM is in (SLOT 0) but there is no change.
Does anyone have any ideas?
Solved! Go to Solution.
05-13-2020 04:59 AM
I deleted the profile 2 with the following comands
no lte sim data-profile 2 attach-profile 2 slot 0
no profile id 2 apn JTFIXEDPUBLIC authentication none pdn-type ipv4
This was the output after deletion
dub1-00-oob-wgw1#show cellular 0/1/0 profile
Profile password Encryption level = 7
Profile 1 = INACTIVE* **
--------
PDP Type = IPv4
Access Point Name (APN) = XXXXXXXXX
Authentication = None
* - Default profile
** - LTE attach profile
Configured default profile for active SIM 0 is profile 1.
I then re-added the profile
lte sim data-profile 2 attach-profile 2 slot 0
profile id 2 apn JTFIXEDPUBLIC authentication none pdn-type ipv4
This is the output after profile 2 was recreated:
dub1-00-oob-wgw1#show cellular 0/1/0 profile 2
Profile password Encryption level = 7
Profile 2 = INACTIVE* **
--------
PDP Type = IPv4
Access Point Name (APN) = JTFIXEDPUBLIC
Authentication = None
* - Default profile
** - LTE attach profile
dub1-00-oob-wgw1#show cellular 0/1/0 profile
Profile password Encryption level = 7
Profile 1 = INACTIVE
--------
PDP Type = IPv4
Access Point Name (APN) = XXXXXXXXXXXX
Authentication = None
Profile 2 = INACTIVE* **
--------
PDP Type = IPv4
Access Point Name (APN) = JTFIXEDPUBLIC
Authentication = None
* - Default profile
** - LTE attach profile
Configured default profile for active SIM 0 is profile 2.
05-13-2020 05:13 AM
Hello,
just to be sure the signal is strong enough, issue the command:
show cellular 0/1/0 all
and check for the section 'Radio Information' and a line similar to the one below:
Current RSSI = -125 dBm
What is the RSSI value ? Anything lower than 125 could mean either no antenna, or bad antenna or out of network.
05-13-2020 05:23 AM
Hello,
try and put 'enacpsulation ppp' on the cellular interface:
interface Cellular0/1/0
bandwidth 2000000
ip unnumbered Loopback1
--> encapsulation ppp
ip nat outside
dialer in-band
dialer idle-timeout 0
dialer-group 1
pulse-time 1
05-13-2020 05:46 AM - edited 05-13-2020 06:33 AM
This is the output from
show cellular 0/1/0 all | in RSSI
dub1-00-oob-wgw1#show cellular 0/1/0 all | in RSSI
Current RSSI = -52 dBm
So with this reading from the device, I am to assume that the network is not strong enough?
05-13-2020 07:17 AM
Hello,
that value (-52) is within the acceptable range...
05-13-2020 07:27 AM
Thank you for clarifying.
Also i have added the following to my config as per your suggestions i.e.
chat-script lte "" "AT!CALL" TIMEOUT 60 "OK"
ip nat outside under the loopback 1 interface
encapsulation ppp was added under interface cellular 0/1/0 but does not show
dub1-00-oob-wgw1#show run int cellular 0/1/0
Building configuration...
Current configuration : 160 bytes
!
interface Cellular0/1/0
bandwidth 2000000
ip unnumbered Loopback1
ip nat outside
dialer in-band
dialer idle-timeout 0
dialer-group 1
pulse-time 1
end
But the profile 2 will not become Active and as a result I can't ping to the internet
Thanks,
Mark
05-13-2020 08:40 AM
Hello,
try a dialer in combination with the cellular interface. The configuration would look like below (important parts marked in bold):
!
! Last configuration change at 10:52:50 UTC Wed May 13 2020 by net_admin
!
version 16.11
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
service call-home
platform qfp utilization monitor load 80
no platform punt-keepalive disable-kernel-core
!
hostname dub1-00-oob-wgw1
!
boot-start-marker
boot system flash bootflash:isr4200-universalk9_ias.16.11.01a.SPA.bin
boot-end-marker
!
enable secret XXXXXXXXXXXXX
enable password XXXXXXXXXXXXX
!
no aaa new-model
call-home
! If contact email address in call-home is configured as sch-smart-licensing@cisco.com
! the email address configured in Cisco Smart License Portal will be used as contact email address to send SCH notifications.
contact-email-addr sch-smart-licensing@cisco.com
profile "CiscoTAC-1"
active
destination transport-method http
no destination transport-method email
!
ip domain name cubictelecom.com
!
login on-success log
!
subscriber templating
multilink bundle-name authenticated
!
crypto pki trustpoint SLA-TrustPoint
enrollment terminal
revocation-check crl
!
crypto pki trustpoint TP-self-signed-691021271
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-691021271
revocation-check none
rsakeypair TP-self-signed-691021271
!
crypto pki certificate chain SLA-TrustPoint
certificate ca 01
XXXXXXXXXXXXXXXXXXXXX
!
license udi pid ISR4221/K9 sn XXXXXXX
license smart url default
license smart transport smart
license smart privacy hostname
license smart privacy version
diagnostic bootup level minimal
!
spanning-tree extend system-id
memory free low-watermark processor 75394
!
username xxxxxxxxxxxxxx
!
redundancy
mode none
!
controller Cellular 0/1/0
lte sim data-profile 2 attach-profile 2 slot 0
lte modem dm-log rotation
lte modem link-recovery monitor-timer 30
lte modem link-recovery wait-timer 30
lte modem link-recovery debounce-count 20
profile id 2 apn JTFIXEDPUBLIC authentication none pdn-type ipv4
!
interface Loopback0
ip address x.x.x.x for OOB
ip nat inside
!
interface Loopback1
ip address X.X.X.X - Public IP assigned by telecom
--> ip nat outside
!
interface GigabitEthernet0/0/0
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet0/0/1
ip address x.x.x.x - MGMT
ip nat inside
negotiation auto
!
interface Cellular0/1/0
bandwidth 2000000
--> no ip address
--> encapsulation ppp
--> ip nat outside
--> dialer in-band
--> dialer pool-member 1
--> dialer idle-timeout 0
--> dialer-group 1
--> pulse-time 1
!
interface Cellular0/1/1
no ip address
shutdown
!
interface Async0/2/0
no ip address
async mode interactive
!
interface Async0/2/1
no ip address
async mode interactive
!
interface Async0/2/2
no ip address
async mode interactive
!
interface Async0/2/3
no ip address
async mode interactive
!
interface Async0/2/4
no ip address
async mode interactive
!
interface Async0/2/5
no ip address
async mode interactive
!
interface Async0/2/6
no ip address
async mode interactive
!
interface Async0/2/7
no ip address
async mode interactive
!
interface Async0/2/8
no ip address
async mode interactive
!
interface Async0/2/9
no ip address
async mode interactive
!
interface Async0/2/10
no ip address
async mode interactive
!
interface Async0/2/11
no ip address
async mode interactive
!
interface Async0/2/12
no ip address
async mode interactive
!
interface Async0/2/13
no ip address
async mode interactive
!
interface Async0/2/14
no ip address
async mode interactive
!
interface Async0/2/15
no ip address
async mode interactive
!
--> interface Dialer1
--> ip address x.x.x.x
--> ip nat outside
--> ip virtual-reassembly
--> encapsulation ppp
--> dialer pool 1
--> dialer idle-timeout 0
--> dialer-group 1
!
no cdp enable
ip forward-protocol nd
no ip http server
ip http secure-server
--> ip nat inside source list 2 interface Dialer 1 overload
--> ip route 0.0.0.0 0.0.0.0 Dialer 1
ip route x.x.x.x 255.255.255.0 .x.x.x.x - VPN
ip route x.x.x.x 255.255.255.0 x.x.x.x - MGMT
ip route x.x.x.x 255.255.255.0 x.x.x.x - VPN2
ip route x.x.x.x 255.255.255.0 x.x.x.x
!
ip access-list standard 1
permit any
ip access-list standard 2
permit any
dialer-list 1 protocol ip permit
!
tacacs-server host x.x.x.x
tacacs-server directed-request
tacacs-server key 7 xxxxxxxxxxxxxxxxxxxxxxxx
!
control-plane
!
line con 0
login local
transport input none
stopbits 1
line aux 0
stopbits 1
line XXX XXXX
login local
no exec
transport input all
stopbits 1
line vty 0 4
exec-timeout 30 0
login local
transport input ssh
transport output ssh
!
end
05-13-2020 10:46 PM
I added the additional configuration and have pasted my running config below, however there we some issues which i have highlighted below
dub1-00-oob-wgw1#show run
Building configuration...
Current configuration : 8638 bytes
!
! Last configuration change at 19:32:36 UTC Wed May 13 2020 by net_admin
!
version 16.11
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
service call-home
platform qfp utilization monitor load 80
no platform punt-keepalive disable-kernel-core
!
hostname dub1-00-oob-wgw1
!
boot-start-marker
boot system flash bootflash:isr4200-universalk9_ias.16.11.01a.SPA.bin
boot-end-marker
!
!
enable secret XXXXXXXXXXXXX
enable password XXXXXXXXXXX
!
no aaa new-model
call-home
! If contact email address in call-home is configured as sch-smart-licensing@cisco.com
! the email address configured in Cisco Smart License Portal will be used as contact email address to send SCH notifications.
contact-email-addr sch-smart-licensing@cisco.com
profile "CiscoTAC-1"
active
destination transport-method http
no destination transport-method email
!
ip domain name XXXXXXX
!
!
!
login on-success log
!
!
!
!
!
!
!
subscriber templating
multilink bundle-name authenticated
!
chat-script lte "" "AT!CALL" TIMEOUT 60 "OK"
!
!
crypto pki trustpoint SLA-TrustPoint
enrollment terminal
revocation-check crl
!
crypto pki trustpoint TP-self-signed-691021271
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-691021271
revocation-check none
rsakeypair TP-self-signed-691021271
!
!
crypto pki certificate chain SLA-TrustPoint
crypto pki certificate chain TP-self-signed-691021271
!
license udi pid ISR4221/K9 sn XXXXXXXX
license smart url default
license smart transport smart
license smart privacy hostname
license smart privacy version
diagnostic bootup level minimal
!
spanning-tree extend system-id
memory free low-watermark processor 75394
!
!
!
usernameXXXXXXXXXX privilege 15 XXXXXXXXXXXXX
!
redundancy
mode none
!
controller Cellular 0/1/0
lte sim data-profile 2 attach-profile 2 slot 0
lte modem dm-log rotation
lte modem link-recovery monitor-timer 30
lte modem link-recovery wait-timer 30
lte modem link-recovery debounce-count 20
profile id 2 apn JTFIXEDPUBLIC authentication none pdn-type ipv4
!
!
!
!
!
!
!
!
interface Loopback0
ip address x.x.x.x - oob
ip nat inside
!
interface Loopback1
ip address Public Ip assigned by MNO /32
ip nat outside
!
interface GigabitEthernet0/0/0
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet0/0/1
ip address X.X.X.X - MGMT A
ip nat inside
negotiation auto
!
interface Cellular0/1/0
bandwidth 2000000
no ip address
dialer in-band
dialer idle-timeout 0
dialer-group 1
pulse-time 1
***************when i try to add dialer pool-member 1 i get the below error
ub1-00-oob-wgw1(config-if)#dialer pool-member 1
%Remove Legacy DDR Configuration first
encapsualtion ppp doesn't show either
*****************************************************************************
!
interface Cellular0/1/1
no ip address
shutdown
!
interface Async0/2/0
no ip address
async mode interactive
!
interface Async0/2/1
no ip address
async mode interactive
!
interface Async0/2/2
no ip address
async mode interactive
!
interface Async0/2/3
no ip address
async mode interactive
!
interface Async0/2/4
no ip address
async mode interactive
!
interface Async0/2/5
no ip address
async mode interactive
!
interface Async0/2/6
no ip address
async mode interactive
!
interface Async0/2/7
no ip address
async mode interactive
!
interface Async0/2/8
no ip address
async mode interactive
!
interface Async0/2/9
no ip address
async mode interactive
!
interface Async0/2/10
no ip address
async mode interactive
!
interface Async0/2/11
no ip address
async mode interactive
!
interface Async0/2/12
no ip address
async mode interactive
!
interface Async0/2/13
no ip address
async mode interactive
!
interface Async0/2/14
no ip address
async mode interactive
!
interface Async0/2/15
no ip address
async mode interactive
!
interface Dialer1
ip unnumbered Loopback1 -- had to use this as it would not let me directly assign a /32
ip nat outside
encapsulation ppp
dialer pool 1
dialer idle-timeout 0
dialer-group 1
ip virtual-reassembly
!
ip forward-protocol nd
no ip http server
ip http secure-server
ip nat inside source list 2 interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 Dialer1
ip route X.X.X.X 255.255.255.0 XXXXX - VPN
ip route X.X.X.X 255.255.255.0 XXXXX - MGMT
ip route X.X.X.X 255.255.255.0 XXXXXXX - VON
ip route X.X.X.X 255.255.255.0 XXXXXX - VPN
!
!
!
ip access-list standard 1
permit any
ip access-list standard 2
permit any
dialer-list 1 protocol ip permit
!
!
tacacs-server host XXXXX
tacacs-server XXXXXX
tacacs-server XXXXXXXXXXXXXXXX
!
!
control-plane
!
!
line con 0
login local
transport input none
stopbits 1
line aux 0
stopbits 1
line 0/2/0 0/2/15
login local
no exec
transport input all
stopbits 1
line vty 0 4
exec-timeout 30 0
login local
transport input ssh
transport output ssh
!
!
!
!
!
!
end
05-14-2020 12:53 AM
Hello,
can you try the simplified configuration below (important parts marked in bold) without the Loopback and the IP address being negotiated with SLIP ?
Last configuration change at 19:32:36 UTC Wed May 13 2020 by net_admin
!
version 16.11
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
service call-home
platform qfp utilization monitor load 80
no platform punt-keepalive disable-kernel-core
!
hostname dub1-00-oob-wgw1
!
boot-start-marker
boot system flash bootflash:isr4200-universalk9_ias.16.11.01a.SPA.bin
boot-end-marker
!
!
enable secret XXXXXXXXXXXXX
enable password XXXXXXXXXXX
!
no aaa new-model
call-home
! If contact email address in call-home is configured as sch-smart-licensing@cisco.com
! the email address configured in Cisco Smart License Portal will be used as contact email address to send SCH notifications.
contact-email-addr sch-smart-licensing@cisco.com
profile "CiscoTAC-1"
active
destination transport-method http
no destination transport-method email
!
ip domain name XXXXXXX
!
login on-success log
!
subscriber templating
multilink bundle-name authenticated
!
chat-script lte "" "AT!CALL" TIMEOUT 60 "OK"
!
crypto pki trustpoint SLA-TrustPoint
enrollment terminal
revocation-check crl
!
crypto pki trustpoint TP-self-signed-691021271
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-691021271
revocation-check none
rsakeypair TP-self-signed-691021271
!
crypto pki certificate chain SLA-TrustPoint
crypto pki certificate chain TP-self-signed-691021271
!
license udi pid ISR4221/K9 sn XXXXXXXX
license smart url default
license smart transport smart
license smart privacy hostname
license smart privacy version
diagnostic bootup level minimal
!
spanning-tree extend system-id
memory free low-watermark processor 75394
!
usernameXXXXXXXXXX privilege 15 XXXXXXXXXXXXX
!
redundancy
mode none
!
controller Cellular 0/1/0
lte sim data-profile 2 attach-profile 2 slot 0
lte modem dm-log rotation
lte modem link-recovery monitor-timer 30
lte modem link-recovery wait-timer 30
lte modem link-recovery debounce-count 20
profile id 2 apn JTFIXEDPUBLIC authentication none pdn-type ipv4
!
interface Loopback0
ip address x.x.x.x - oob
ip nat inside
!
interface Loopback1
ip address Public Ip assigned by MNO /32
ip nat outside
!
interface GigabitEthernet0/0/0
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet0/0/1
ip address X.X.X.X - MGMT A
ip nat inside
negotiation auto
!
interface Cellular0/1/0
bandwidth 2000000
ip address negotiated
encapsulation slip
load-interval 30
dialer in-band
dialer idle-timeout 0
dialer-group 1
pulse-time 1
!
interface Cellular0/1/1
no ip address
shutdown
!
interface Async0/2/0
no ip address
async mode interactive
!
interface Async0/2/1
no ip address
async mode interactive
!
interface Async0/2/2
no ip address
async mode interactive
!
interface Async0/2/3
no ip address
async mode interactive
!
interface Async0/2/4
no ip address
async mode interactive
!
interface Async0/2/5
no ip address
async mode interactive
!
interface Async0/2/6
no ip address
async mode interactive
!
interface Async0/2/7
no ip address
async mode interactive
!
interface Async0/2/8
no ip address
async mode interactive
!
interface Async0/2/9
no ip address
async mode interactive
!
interface Async0/2/10
no ip address
async mode interactive
!
interface Async0/2/11
no ip address
async mode interactive
!
interface Async0/2/12
no ip address
async mode interactive
!
interface Async0/2/13
no ip address
async mode interactive
!
interface Async0/2/14
no ip address
async mode interactive
!
interface Async0/2/15
no ip address
async mode interactive
!
ip forward-protocol nd
no ip http server
ip http secure-server
--> ip nat inside source list 2 interface Cellular 0/1/0 overload
--> ip route 0.0.0.0 0.0.0.0 Cellular 0/1/0
ip route X.X.X.X 255.255.255.0 XXXXX - VPN
ip route X.X.X.X 255.255.255.0 XXXXX - MGMT
ip route X.X.X.X 255.255.255.0 XXXXXXX - VON
ip route X.X.X.X 255.255.255.0 XXXXXX - VPN
!
ip access-list standard 1
permit any
ip access-list standard 2
permit any
dialer-list 1 protocol ip permit
!
tacacs-server host XXXXX
tacacs-server XXXXXX
tacacs-server XXXXXXXXXXXXXXXX
!
control-plane
!
line con 0
login local
transport input none
stopbits 1
line aux 0
stopbits 1
line 0/2/0 0/2/15
login local
no exec
transport input all
stopbits 1
line vty 0 4
exec-timeout 30 0
login local
transport input ssh
transport output ssh
!
end
05-14-2020 01:28 AM
Under the cellular 0/1/0 it does not allow me to use encapsulation slip
i get the following options
arpa Standard Ethernet version 2.0
atm-dxi ATM-DXI encapsulation
frame-relay Frame Relay networks
hdlc Serial HDLC synchronous
lapb LAPB (X.25 Level 2)
ppp Point-to-Point protocol
smds Switched Megabit Data Service (SMDS)
x25 X.25
05-14-2020 01:37 AM
Adding the ip address negotiated has brought the profile up.
The original Idea was to have the interface set to a static /32 but I see now that this won't work.
I will review again with MNO.
I would just like to say thank you very much for all your help over the last 2 days
05-14-2020 08:52 AM
Hello,
glad that you got it resolved. To be honest, up until now I had not yet seen a setup where a loopback with a fixed IP address is being used for a cellular interface. Would be interesting to know if that is indeed what the ISP wanted you to do...
05-18-2020 01:02 AM
The ISP got back and basically said that they hand out their Static /32 addresses via static DHCP assignment
The loopback IP was just a method I had seen on another community discussion thread, in a case where a /32 address could not be configured on a physical interface. Just a workaround
Thanks,
Markl
05-18-2020 01:11 AM
Hello,
good information, thanks for the update !
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide