Re: Cisco 897VAG-LTE series router on Starlink

leontunnie · ‎12-26-2022

Hey guys,
So i'm trying to get my Cisco 897VAG-LTE up n running on Starlink but doesn't seem to be connecting. My Sh Run is:

!
version 15.6
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime localtime show-timezone year
service timestamps log datetime localtime show-timezone year
service password-encryption
service sequence-numbers
!
hostname AussieBB
!
boot-start-marker
boot-end-marker
!
!
logging buffered 51200 warnings
no logging console
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization console
aaa authorization exec default local
!
!
!
!
!
aaa session-id common
clock timezone utc 10 0
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!

!
ip dhcp excluded-address 10.0.0.2 10.0.0.20
!
ip dhcp pool lanpool
network 10.0.0.0 255.255.255.0
default-router 10.0.0.1
dns-server 1.1.1.1 1.0.0.1
lease 7
!
!
!
ip name-server 1.1.1.1
ip name-server 1.0.0.1
ip inspect name FWv4 tcp router-traffic
ip inspect name FWv4 udp router-traffic
ip inspect name FWv4 icmp
ip cef
no ipv6 cef
!
!
!
!
!
multilink bundle-name authenticated
!
!
chat-script lte "" "AT!CALL1" TIMEOUT 60 "OK"
!
!
!
!
!
license udi pid C897VAG-LTE-LA-K9 sn
!
!
archive
log config
logging enable
notify syslog contenttype plaintext
hidekeys
username admin privilege 15 password 7
!
redundancy
!
!
!
!
!
controller VDSL 0
operating mode vdsl2
!
controller Cellular 0
lte modem link-recovery rssi onset-threshold -110
lte modem link-recovery monitor-timer 20
lte modem link-recovery wait-timer 10
lte modem link-recovery debounce-count 6
no cdp run
!
track 1 ip sla 1 reachability
!
!
policy-map shape-outbound
class class-default
shape average 39500000
!
!
!
!
!
!
!
!
!
!
!
interface ATM0
no ip address
shutdown
no atm ilmi-keepalive
!
interface Cellular0
ip address negotiated
no ip redirects
no ip proxy-arp
ip nat outside
ip virtual-reassembly in
encapsulation slip
dialer in-band
dialer idle-timeout 0
dialer string lte
dialer-group 1
async mode interactive
routing dynamic
!
interface Cellular1
no ip address
encapsulation slip
!
interface Ethernet0
no ip address
shutdown
!
interface GigabitEthernet0
no ip address
!
interface GigabitEthernet1
no ip address
!
interface GigabitEthernet2
no ip address
!
interface GigabitEthernet3
no ip address
!
interface GigabitEthernet4
no ip address
!
interface GigabitEthernet5
no ip address
!
interface GigabitEthernet6
no ip address
!
interface GigabitEthernet7
no ip address
!
interface GigabitEthernet8
backup delay 0 10
backup interface Cellular0
ip address dhcp
duplex auto
speed auto
no cdp enable
!
interface Vlan1
ip address 10.0.0.1 255.255.255.0
no ip proxy-arp
ip flow ingress
ip flow egress
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1452
!
ip forward-protocol nd
ip http server
ip http secure-server
!
!
ip tftp source-interface Vlan1
ip nat inside source route-map BACKUP interface Cellular0 overload
ip nat inside source route-map PRIMARY interface GigabitEthernet8 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet8
ip route 0.0.0.0 0.0.0.0 Cellular0
ip ssh server algorithm encryption aes128-ctr aes192-ctr aes256-ctr
ip ssh client algorithm encryption aes128-ctr aes192-ctr aes256-ctr
!
ip access-list extended INTERNET-IN
deny ip 0.0.0.0 0.255.255.255 any
deny ip 127.0.0.0 0.255.255.255 any
deny ip 169.254.0.0 0.0.255.255 any
deny ip 172.16.0.0 0.15.255.255 any
deny ip 192.168.0.0 0.0.255.255 any
deny ip 198.18.0.0 0.0.255.255 any
deny ip 224.0.0.0 31.255.255.255 any
deny tcp any any fragments
deny udp any any fragments
deny icmp any any fragments
deny ip any any ttl range 0 1
permit icmp any any echo
permit icmp any any echo-reply
permit icmp any any time-exceeded
permit icmp any any unreachable
permit icmp any any packet-too-big
permit udp any any eq bootpc
deny ip any any
ip access-list extended SSH-IN
permit tcp 192.168.0.0 0.0.255.255 any eq 22
permit tcp 172.16.0.0 0.15.255.255 any eq 22
permit tcp 10.0.0.0 0.255.255.255 any eq 22
deny ip any any
!
ip sla 1
icmp-echo 8.8.8.8 source-interface GigabitEthernet8
threshold 1000
timeout 1000
frequency 5
ip sla schedule 1 life forever start-time now
dialer-list 1 protocol ip permit
ipv6 ioam timestamp
!
route-map BACKUP permit 1
match ip address 1
match interface Cellular0
!
route-map PRIMARY permit 1
match ip address 1
match interface GigabitEthernet8
!
access-list 1 permit 10.0.0.0 0.0.0.255
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 permit any
!
!
!
control-plane
!
!
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
!
!
!
!
!
vstack
!
line con 0
no modem enable
line aux 0
line 2
no activation-character
no exec
transport preferred none
stopbits 1
line 3
exec-timeout 0 0
script dialer lte
modem InOut
no exec
line 8
no exec
line vty 0 4
access-class SSH-IN in
exec-timeout 30 0
logging synchronous
transport input ssh
!
scheduler allocate 20000 1000
ntp server 202.89.184.139
ntp server 203.206.171.84
ntp server 220.233.200.157
!
end

marce1000 · ‎12-26-2022

- FYI : https://www.reddit.com/r/Starlink/comments/uxp77i/solved_cisco_and_starlink/

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

Georg Pauwen · ‎12-27-2022

Hello,

a few things do not look right. Make the changes marked in bold:

version 15.6
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime localtime show-timezone year
service timestamps log datetime localtime show-timezone year
service password-encryption
service sequence-numbers
!
hostname AussieBB
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
no logging console
!
aaa new-model
!
aaa authentication login default local
aaa authorization console
aaa authorization exec default local
!
aaa session-id common
clock timezone utc 10 0
!
ip dhcp excluded-address 10.0.0.2 10.0.0.20
!
ip dhcp pool lanpool
network 10.0.0.0 255.255.255.0
default-router 10.0.0.1
dns-server 1.1.1.1 1.0.0.1
lease 7
!
ip name-server 1.1.1.1
ip name-server 1.0.0.1
ip inspect name FWv4 tcp router-traffic
ip inspect name FWv4 udp router-traffic
ip inspect name FWv4 icmp
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
chat-script lte "" "AT!CALL1" TIMEOUT 60 "OK"
!
license udi pid C897VAG-LTE-LA-K9 sn
!
archive
log config
logging enable
notify syslog contenttype plaintext
hidekeys
username admin privilege 15 password 7
!
redundancy
!
controller VDSL 0
operating mode vdsl2
!
controller Cellular 0
lte modem link-recovery rssi onset-threshold -110
lte modem link-recovery monitor-timer 20
lte modem link-recovery wait-timer 10
lte modem link-recovery debounce-count 6
no cdp run
!
track 1 ip sla 1 reachability
!
policy-map shape-outbound
class class-default
shape average 39500000
!
interface ATM0
no ip address
shutdown
no atm ilmi-keepalive
!
interface Cellular0
ip address negotiated
no ip redirects
no ip proxy-arp
ip nat outside
ip virtual-reassembly in
encapsulation slip
dialer in-band
dialer idle-timeout 0
dialer string lte
dialer-group 1
async mode interactive
routing dynamic
!
interface Cellular1
no ip address
encapsulation slip
!
interface Ethernet0
no ip address
shutdown
!
interface GigabitEthernet0
no ip address
!
interface GigabitEthernet1
no ip address
!
interface GigabitEthernet2
no ip address
!
interface GigabitEthernet3
no ip address
!
interface GigabitEthernet4
no ip address
!
interface GigabitEthernet5
no ip address
!
interface GigabitEthernet6
no ip address
!
interface GigabitEthernet7
no ip address
!
interface GigabitEthernet8
backup delay 0 10
backup interface Cellular0
ip address dhcp
--> ip nat outside
duplex auto
speed auto
no cdp enable
!
interface Vlan1
ip address 10.0.0.1 255.255.255.0
no ip proxy-arp
ip flow ingress
ip flow egress
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1452
!
ip forward-protocol nd
ip http server
ip http secure-server
!
ip tftp source-interface Vlan1
ip nat inside source route-map BACKUP interface Cellular0 overload
ip nat inside source route-map PRIMARY interface GigabitEthernet8 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet8
--> ip route 0.0.0.0 0.0.0.0 Cellular0 10
ip ssh server algorithm encryption aes128-ctr aes192-ctr aes256-ctr
ip ssh client algorithm encryption aes128-ctr aes192-ctr aes256-ctr
!
ip access-list extended INTERNET-IN
deny ip 0.0.0.0 0.255.255.255 any
deny ip 127.0.0.0 0.255.255.255 any
deny ip 169.254.0.0 0.0.255.255 any
deny ip 172.16.0.0 0.15.255.255 any
deny ip 192.168.0.0 0.0.255.255 any
deny ip 198.18.0.0 0.0.255.255 any
deny ip 224.0.0.0 31.255.255.255 any
deny tcp any any fragments
deny udp any any fragments
deny icmp any any fragments
deny ip any any ttl range 0 1
permit icmp any any echo
permit icmp any any echo-reply
permit icmp any any time-exceeded
permit icmp any any unreachable
permit icmp any any packet-too-big
permit udp any any eq bootpc
deny ip any any
ip access-list extended SSH-IN
permit tcp 192.168.0.0 0.0.255.255 any eq 22
permit tcp 172.16.0.0 0.15.255.255 any eq 22
permit tcp 10.0.0.0 0.255.255.255 any eq 22
deny ip any any
!
ip sla 1
icmp-echo 8.8.8.8 source-interface GigabitEthernet8
threshold 1000
timeout 1000
frequency 5
ip sla schedule 1 life forever start-time now
dialer-list 1 protocol ip permit
ipv6 ioam timestamp
!
route-map BACKUP permit 1
match ip address 1
match interface Cellular0
!
route-map PRIMARY permit 1
match ip address 1
match interface GigabitEthernet8
!
access-list 1 permit 10.0.0.0 0.0.0.255
access-list 1 remark INSIDE_IF=Vlan1
--> no access-list 1 permit any
!
control-plane
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
vstack
!
line con 0
no modem enable
line aux 0
line 2
no activation-character
no exec
transport preferred none
stopbits 1
line 3
exec-timeout 0 0
script dialer lte
modem InOut
no exec
line 8
no exec
line vty 0 4
access-class SSH-IN in
exec-timeout 30 0
logging synchronous
transport input ssh
!
scheduler allocate 20000 1000
ntp server 202.89.184.139
ntp server 203.206.171.84
ntp server 220.233.200.157
!
end

leontunnie · ‎12-27-2022

@Georg PauwenThanks for that and have made the edits. I'm getting the following error though:

icmp-echo 8.8.8.8 source-interface GigabitEthernet8
^
% Invalid input detected at '^' marker.

threshold 1000
^
% Invalid input detected at '^' marker.

timeout 1000
^
% Invalid input detected at '^' marker.
frequency 5
^
% Invalid input detected at '^' marker.

Which i'm assuming is referring to:
ip sla 1
icmp-echo 8.8.8.8 source-interface GigabitEthernet8
threshold 1000
timeout 1000
frequency 5
ip sla schedule 1 life forever start-time now
dialer-list 1 protocol ip permit
ipv6 ioam timestamp

MHM Cisco World · ‎12-27-2022

what @Georg Pauwen bold correction is not relate to what you new face,
I think you want to modify the IP SLA and hence the error message appear.
can you share the full config after @Georg Pauwen bold correction ?

Georg Pauwen · ‎12-27-2022

Hello,

are you in IP SLA config mode ?

AussieBB(config)#ip sla 1
AussieBB(config-ip-sla)#icmp-echo 8.8.8.8 source-interface gigabitEthernet 0/0
AussieBB(config-ip-sla-echo)#threshold 1000
AussieBB(config-ip-sla-echo)#timeout 1000
AussieBB(config-ip-sla-echo)#frequency 5

leontunnie · ‎12-27-2022

Hey mate,
It's in my startup-config

MHM Cisco World · ‎12-27-2022

so you config in IP SLA and then wr then you reboot and you see this error message ??

leontunnie · ‎12-27-2022

It's in the startup-config. Do I even need it?

MHM Cisco World · ‎12-27-2022

just one by one friend, I dont get what you meaning by startup config ?
can you share the total config.