Hello,

I had a similar post a couple of years ago, what helped back then was entering the command below, you might want to give that a try:

ISR4221#cellular 0 lte plmn search

Hi,

Thanks for the command

At this moment I am connected on the mgmt network, when i run cellular 0/1/0 lte plmn search

It gives me

Please shutdown all the interfaces manually and re-enter this command.

Unfortunately i can't shut all interfaces at this moment because I am not connected via console.

Hi have posted the relavant running config below:

controller Cellular 0/1/0
lte sim data-profile 2 attach-profile 2 slot 0
lte modem dm-log rotation
lte modem link-recovery monitor-timer 30
lte modem link-recovery wait-timer 30
lte modem link-recovery debounce-count 20
profile id 2 apn JTFIXEDPUBLIC authentication none pdn-type ipv4
!
!
!
!
!
!
!
!
interface Loopback0
ip address 1X.X.X.X 255.255.255.255 (for oob)
ip nat inside
!
interface Loopback1
ip address X.X.X.X 255.255.255.255 - this is public IP assigned (/32 reason for the ip unnumbered under cellular 0/1/0)
!
interface GigabitEthernet0/0/0
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet0/0/1
ip address X.X.X.X 255.255.255.0 (this is mgnt network)
ip nat inside
negotiation auto
!
interface Cellular0/1/0
bandwidth 2000000
ip unnumbered Loopback1
ip nat outside
dialer in-band
dialer idle-timeout 0
dialer-group 1
pulse-time 1

ip nat inside source list 2 interface Cellular0/1/0 overload
ip route 0.0.0.0 0.0.0.0 Cellular0/1/0

ip access-list standard 1
permit any
ip access-list standard 2
permit any
dialer-list 1 protocol ip permit

******please note that we have no internet connectivity from the device, which i think is related to INACTIVE profile**********

Hello,

post the full running config (sh run) not just snippets. What does your chat script look like ? Try the one below:

chat-script lte "" "AT!CALL" TIMEOUT 60 "OK"

Also, post the output of:

show cellular 0/2/0 profile

For the NAT access list, 'permit any' is usually not a good idea, try and specify the exact address space, e.g.:

access-list 2 permit 192.168.1.0 0.0.0.255

Here is the complete config:

Current configuration : 8468 bytes
!
! Last configuration change at 10:52:50 UTC Wed May 13 2020 by net_admin
!
version 16.11
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
service call-home
platform qfp utilization monitor load 80
no platform punt-keepalive disable-kernel-core
!
hostname dub1-00-oob-wgw1
!
boot-start-marker
boot system flash bootflash:isr4200-universalk9_ias.16.11.01a.SPA.bin
boot-end-marker
!
!
enable secret XXXXXXXXXXXXX
enable password XXXXXXXXXXXXX
!
no aaa new-model
call-home
! If contact email address in call-home is configured as sch-smart-licensing@cisco.com
! the email address configured in Cisco Smart License Portal will be used as contact email address to send SCH notifications.
contact-email-addr sch-smart-licensing@cisco.com
profile "CiscoTAC-1"
active
destination transport-method http
no destination transport-method email
!
ip domain name cubictelecom.com
!
!
!
login on-success log
!
!
!
!
!
!
!
subscriber templating
multilink bundle-name authenticated
!
!
!
crypto pki trustpoint SLA-TrustPoint
enrollment terminal
revocation-check crl
!
crypto pki trustpoint TP-self-signed-691021271
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-691021271
revocation-check none
rsakeypair TP-self-signed-691021271
!
!
crypto pki certificate chain SLA-TrustPoint
certificate ca 01
XXXXXXXXXXXXXXXXXXXXX
!
license udi pid ISR4221/K9 sn XXXXXXX
license smart url default
license smart transport smart
license smart privacy hostname
license smart privacy version
diagnostic bootup level minimal
!
spanning-tree extend system-id
memory free low-watermark processor 75394
!
!
!
username xxxxxxxxxxxxxx
!
redundancy
mode none
!
controller Cellular 0/1/0
lte sim data-profile 2 attach-profile 2 slot 0
lte modem dm-log rotation
lte modem link-recovery monitor-timer 30
lte modem link-recovery wait-timer 30
lte modem link-recovery debounce-count 20
profile id 2 apn JTFIXEDPUBLIC authentication none pdn-type ipv4
!
!
!
!
!
!
!
!
interface Loopback0
ip address x.x.x.x for OOB
ip nat inside
!
interface Loopback1
ip address X.X.X.X - Public IP assigned by telecom
!
interface GigabitEthernet0/0/0
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet0/0/1
ip address x.x.x.x - MGMT
ip nat inside
negotiation auto
!
interface Cellular0/1/0
bandwidth 2000000
ip unnumbered Loopback1
ip nat outside
shutdown
dialer in-band
dialer idle-timeout 0
dialer-group 1
pulse-time 1
!
interface Cellular0/1/1
no ip address
shutdown
!
interface Async0/2/0
no ip address
async mode interactive
!
interface Async0/2/1
no ip address
async mode interactive
!
interface Async0/2/2
no ip address
async mode interactive
!
interface Async0/2/3
no ip address
async mode interactive
!
interface Async0/2/4
no ip address
async mode interactive
!
interface Async0/2/5
no ip address
async mode interactive
!
interface Async0/2/6
no ip address
async mode interactive
!
interface Async0/2/7
no ip address
async mode interactive
!
interface Async0/2/8
no ip address
async mode interactive
!
interface Async0/2/9
no ip address
async mode interactive
!
interface Async0/2/10
no ip address
async mode interactive
!
interface Async0/2/11
no ip address
async mode interactive
!
interface Async0/2/12
no ip address
async mode interactive
!
interface Async0/2/13
no ip address
async mode interactive
!
interface Async0/2/14
no ip address
async mode interactive
!
interface Async0/2/15
no ip address
async mode interactive
!
ip forward-protocol nd
no ip http server
ip http secure-server
ip nat inside source list 2 interface Cellular0/1/0 overload
ip route 0.0.0.0 0.0.0.0 Cellular0/1/0
ip route x.x.x.x 255.255.255.0 .x.x.x.x - VPN
ip route x.x.x.x 255.255.255.0 x.x.x.x - MGMT
ip route x.x.x.x 255.255.255.0 x.x.x.x - VPN2
ip route x.x.x.x 255.255.255.0 x.x.x.x
!
!
!
ip access-list standard 1
permit any
ip access-list standard 2
permit any
dialer-list 1 protocol ip permit
!
!
tacacs-server host x.x.x.x
tacacs-server directed-request
tacacs-server key 7 xxxxxxxxxxxxxxxxxxxxxxxx
!
!
control-plane
!
!
line con 0
login local
transport input none
stopbits 1
line aux 0
stopbits 1
line XXX XXXX
login local
no exec
transport input all
stopbits 1
line vty 0 4
exec-timeout 30 0
login local
transport input ssh
transport output ssh
!
!
!
!
!
!
end

Also here is the cellular 0/1/0 profile output

dub1-00-oob-wgw1#show cellular 0/1/0 profile
Profile password Encryption level = 7

Profile 1 = INACTIVE
--------
PDP Type = IPv4
Access Point Name (APN) = XXXXXXX -  this is internal APN
Authentication = None

Profile 2 = INACTIVE* **
--------
PDP Type = IPv4
Access Point Name (APN) = JTFIXEDPUBLIC
Authentication = None

* - Default profile
** - LTE attach profile

Configured default profile for active SIM 0 is profile 2.

Hello

---

@Dunner1991 wrote:

dub1-00-oob-wgw1#show cellular 0/1/0 profile
Profile password Encryption level = 7

---

Any chance you missing authentication for this profile, does your provider require it?

Hi @paul driver 

We didn't set up any authentication for this profile, as no username or password for APN was provided (told us we just needed to configure the APN) by the MNO

Previously before we rebooted the device the profile was in ACTIVE state

Profile password Encryption level = 7

Profile 2 = ACTIVE* **

--------

PDP Type = IPv4

PDP address = X.X.X.X - Public IP assigned by MNO

Access Point Name (APN) = JTFIXEDPUBLIC

Authentication = None

Primary DNS address = 8.8.8.8

Secondary DNS address = 8.8.4.4

* - Default profile

** - LTE attach profile

But now we can't get the profile back to this state

Hello

If the same profile config exists after a reload of the rtr, You could try re-inserting the sim and check that it isnt locked with the provider? <--- sh cellular 0/2/0 secuirty

HI @paul driver 

I have reloaded the router

This is the output from show cellular 0/1/0 security

Unfortunately, I can't change the SIM slot as it is located on our DC (no access under current restrictions)

Thanks,

Mark

Hello,

stupid question maybe, but are you sure you have (sufficient) 4G coverage in your area ?

Either way, try and recreate the profile, just to make sure you don't have some sort of typo in there:

cellular 0/1/0 lte profile create 2

Sorry, I saw in your original post that you already did recreate the profile before...

Try and put the 'ip nat outside' on the Loopback as well:

interface Loopback1
ip address X.X.X.X - Public IP assigned by telecom
--> ip nat outside

That said, do you really need the loopback ? Can you use a dialer ?

Hi @Georg Pauwen 

I will add the ip nat outisde to the loopback now.

I added the loopback because I couldn't assign the Public IP /32 to the cellular 0/1/0 interface

I read in another discussion that the best way to do it was create a loopback and use the ip unnumbered loopback 1 under the cellular 0/1/0 int