06-05-2019 02:32 AM - edited 06-05-2019 03:08 AM
Hi all,
Would anyone mind looking over my config for me and seeing if I have done anything blatantly wrong. This is a new C881G-4G which I have setup using the config from an identical router running exactly the same config, and using the same providers sim card.
The aim is to get the router to connect to the cellular network and then VPN to our HQ but I am struggling to get it to even connect to 4G.
router#sh cell 0 all Hardware Information ==================== Modem Firmware Version = SWI9X15C_05.05.58.00 Modem Firmware built = 2015/03/04 21:30:23 Hardware Version = 1.0 Device Model ID: MC7304 Package Identifier ID: 1102029_9903299_MC7304_05.05.58.00_00_Cisco_005.010_000 International Mobile Subscriber Identity (IMSI) = International Mobile Equipment Identity (IMEI) = 352761061970175 Integrated Circuit Card ID (ICCID) = Mobile Subscriber Integrated Services Digital Network-Number (MSISDN) = Current Modem Temperature = 0 deg C PRI SKU ID = 9903299, PRI version = 05.10, Carrier = 1 Profile Information ==================== Profile password Encryption level: 7 Profile 1 = INACTIVE* ** -------- PDP Type = IPv4 Access Point Name (APN) = everywhere Authentication = CHAP Username: eesecure Password: 095F4B0A0C1712 * - Default profile ** - LTE attach profile Configured default profile for active SIM 0 is profile 1. Data Connection Information =========================== Profile 1, Packet Session Status = INACTIVE Profile 2, Packet Session Status = INACTIVE Profile 3, Packet Session Status = INACTIVE Profile 4, Packet Session Status = INACTIVE Profile 5, Packet Session Status = INACTIVE Profile 6, Packet Session Status = INACTIVE Profile 7, Packet Session Status = INACTIVE Profile 8, Packet Session Status = INACTIVE Profile 9, Packet Session Status = INACTIVE Profile 10, Packet Session Status = INACTIVE Profile 11, Packet Session Status = INACTIVE Profile 12, Packet Session Status = INACTIVE Profile 13, Packet Session Status = INACTIVE Profile 14, Packet Session Status = INACTIVE Profile 15, Packet Session Status = INACTIVE Profile 16, Packet Session Status = INACTIVE Network Information =================== Current System Time = Sun Jan 6 0:4:18 1980 Current Service Status = No service Current Service = Unknown Current Roaming Status = Home Network Selection Mode = Automatic Network = Mobile Country Code (MCC) = 234 Mobile Network Code (MNC) = 15 Packet switch domain(PS) state = Not attached Location Area Code (LAC) = 0 Cell ID = 0 Radio Information ================= Radio power mode = online Channel Number = 0 Current Band = Unknown Current RSSI(RSCP) = -83 dBm Current ECIO = -8 dBm Primary Scrambling Code = 352 Radio Access Technology(RAT) Preference = AUTO Radio Access Technology(RAT) Selected = UMTS Modem Security Information ========================== Active SIM = 0 SIM switchover attempts = 0 Card Holder Verification (CHV1) = Disabled SIM Status = Not inserted SIM User Operation Required = None Number of CHV1 Retries remaining = 0 GPS Information ========================== GPS Info ------------- GPS Feature: enabled GPS Port Selected: Dedicated GPS port GPS State: GPS location error GPS auto tracking status: unknown GPS auto tracking config: disabled GPS Mode Configured: disabled Last Location Fix Error: Offline [0x0] SMS Information =============== Incoming Message Information ---------------------------- SMS stored in modem = 0 SMS archived since booting up = 0 Total SMS deleted since booting up = 0 Storage records allocated = 25 Storage records used = 0 Number of callbacks triggered by SMS = 0 Number of successful archive since booting up = 0 Number of failed archive since booting up = 0 Outgoing Message Information ---------------------------- Total SMS sent successfully = 0 Total SMS send failure = 0 Number of outgoing SMS pending = 0 Number of successful archive since booting up = 0 Number of failed archive since booting up = 0 Last Outgoing SMS Status = SUCCESS Copy-to-SIM Status = 0x0 Send-to-Network Status = 0x0 Report-Outgoing-Message-Number: Reference Number = 0 Result Code = 0x0 Diag Code = 0x0 0x0 0x0 0x0 0x0 SMS Archive URL = Error Information ================= This command is not supported on this platform. Modem Crashdump Information =========================== Modem crashdump logging: off
As you can see, the profile is inactive, but I do not know why. Is there anything I can do to force it to be active?
router#sh running-config Building configuration... Current configuration : 4640 bytes ! version 15.5 service timestamps debug datetime msec service timestamps log datetime msec service password-encryption ! hostname router ! boot-start-marker boot-end-marker ! ! no logging console ! aaa new-model ! ! aaa authentication login default local aaa authentication enable default enable aaa authorization exec default local ! ! ! ! ! aaa session-id common ethernet lmi ce clock timezone gmt 0 0 clock summer-time gmt recurring ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! no ip domain lookup ip domain name mycompany.local ip name-server 10.11.2.5 ip name-server 8.8.8.8 ip cef no ipv6 cef ! ! ! ! ! multilink bundle-name authenticated ! ! chat-script lte "" "AT!CALL" TIMEOUT 20 "OK" ! ! ! ! ! license udi pid C881G-4G-GA-K9 sn FCZ2104E1GY ! ! object-group network HGL-IPs host xx.xx.140.115 host xx.xx.136.202 host xx.xx.55.162 host xx.xx.51.246 ! username administrator privilege 15 secret 5 $1$XhIZ$31LWqasCpbR64BrWYXi/A/ ! ! ! ! ! controller Cellular 0 lte sim data-profile 1 attach-profile 1 slot 0 lte modem link-recovery rssi onset-threshold -110 lte modem link-recovery monitor-timer 20 lte modem link-recovery wait-timer 10 lte modem link-recovery debounce-count 6 no cdp run ! ! crypto logging session crypto logging ezvpn ! crypto isakmp policy 1 encr aes authentication pre-share group 2 crypto isakmp key password address xx.xx.136.202 crypto isakmp keepalive 10 periodic ! crypto ipsec security-association lifetime kilobytes 5000000 crypto ipsec security-association lifetime seconds 8640 ! crypto ipsec transform-set TS esp-aes esp-sha-hmac mode tunnel crypto ipsec fragmentation after-encryption ! ! ! crypto map VPN-TO-HQ 10 ipsec-isakmp set peer 81.128.136.202 set transform-set TS match address VPN-TRAFFIC ! ! ! ! ! ! interface Cellular0 description Primary cellular WAN link ip address negotiated ip access-group LOCKDOWN-IN in ip access-group LOCKDOWN-OUT out encapsulation slip dialer in-band dialer string lte dialer-group 1 async mode interactive crypto map VPN-TO-HQ routing dynamic ! interface Cellular1 no ip address encapsulation slip ! interface FastEthernet0 switchport access vlan 109 no ip address ! interface FastEthernet1 switchport access vlan 109 no ip address ! interface FastEthernet2 switchport access vlan 109 no ip address ! interface FastEthernet3 switchport access vlan 109 no ip address ! interface FastEthernet4 no ip address shutdown duplex auto speed auto ! interface Vlan1 no ip address shutdown ! interface Vlan109 ip address 10.11.109.254 255.255.255.0 ip helper-address 10.11.202.1 no ip proxy-arp ip nbar protocol-discovery ip tcp adjust-mss 1452 load-interval 30 ! interface Dialer1 ip address negotiated encapsulation slip dialer pool 1 dialer idle-timeout 0 dialer string lte dialer persistent dialer-group 1 ! no ip forward-protocol nd no ip http server ip http authentication local no ip http secure-server ip http timeout-policy idle 60 life 86400 requests 10000 ! ! ip route 0.0.0.0 0.0.0.0 Cellular0 ip ssh version 2 ip ssh server algorithm encryption aes128-ctr aes192-ctr aes256-ctr ip ssh client algorithm encryption aes128-ctr aes192-ctr aes256-ctr ! ip access-list extended LOCKDOWN-IN permit udp any any eq bootps permit udp any any eq bootpc permit gre object-group HGL-IPs any permit esp object-group HGL-IPs any permit ahp object-group HGL-IPs any permit ip object-group HGL-IPs any ip access-list extended LOCKDOWN-OUT permit udp any any eq bootps permit udp any any eq bootpc permit udp any object-group HGL-IPs permit ahp any object-group HGL-IPs permit esp any object-group HGL-IPs permit gre any object-group HGL-IPs permit ip any object-group HGL-IPs ip access-list extended VPN-TRAFFIC permit ip 10.11.109.0 0.0.0.255 any ! dialer-list 1 protocol ip permit ! snmp-server community hgp-ro RO snmp-server location Roaming Router snmp-server contact Group IT snmp-server chassis-id router ! ! ! control-plane ! ! ! mgcp behavior rsip-range tgcp-only mgcp behavior comedia-role none mgcp behavior comedia-check-media-src disable mgcp behavior comedia-sdp-force disable ! mgcp profile default ! ! ! ! ! ! ! line con 0 privilege level 15 no modem enable line aux 0 line 2 no activation-character no exec transport preferred none transport input all stopbits 1 line 3 script dialer lte no exec line 8 no exec line vty 0 4 exec-timeout 1440 0 privilege level 15 transport input ssh line vty 5 15 exec-timeout 1440 0 privilege level 15 transport input ssh ! scheduler allocate 20000 1000 ntp server ntp.mycompany.local source Cellular0 ! end
Any advice would be appreciated, thank you for your time :)
06-05-2019 02:59 AM - edited 06-05-2019 03:10 AM
Hi
Sorry not familiar with cellular.
But you may want to sanitise the config before posting on public forum :) you have masked some public IPs with xx but missed ..
crypto isakmp key xxxx address x.x.x.x
06-05-2019 03:09 AM
06-05-2019 03:06 AM
06-05-2019 03:11 AM
06-05-2019 03:09 AM
Is this relevant?
You can use the cellular 0 lte plmn search command to search for available PLMNs. The following example shows how to search for networks:
router#cellular 0 lte plmn search Searching for available PLMNs.This may take up to 3 minutes. Please wait........................... PLMN search done. Please use "show cellular 0 network" to see available PLMNS
After the search, use the show cellular 0 network command to see the available networks:
router#show cellular 0 network Current System Time = Fri Sep 18 18:49:24 2015 Current Service Status = Normal Current Service = Packet switched Current Roaming Status = Roaming Network Selection Mode = Manual Network = O2 - UK Mobile Country Code (MCC) = 234 Mobile Network Code (MNC) = 10 Packet switch domain(PS) state = Attached Location Area Code (LAC) = 4931 Cell ID = 34319 Available PLMNs: Idx MCC MNC RAT Desc 1 234 10 umts O2 - UK 2 234 10 gsm O2 - UK 3 234 20 umts 3 UK 4 234 30 umts EE 5 234 15 gsm voda UK 6 234 33 gsm EE 7 234 20 lte 3 UK 8 234 30 gsm EE 9 234 15 umts voda UK 10 234 30 lte EE 11 234 10 lte O2 - UK 12 234 15 lte voda UK
There are three ways to select an available network: Auto mode, Force Mode, and Manual mode. In Auto mode, the router will connect automatically to a network preferred by the SIM card. In Force mode, the router is forced to select an available or known network without performing a network search. If a network is not available or the router is unable to attach to a network, then the router will remain in a ‘Not attached’ state. You can use the cellular x lte plan select auto command to attach the router to a network preferred by the SIM. In Manual mode, you can select an available network from your search result.
The following example shows how to select a network manually:
router#cellular 0 lte plmn select manual ? 0-999 Mobile Country Code (MCC) router#cellular 0 lte plmn select manual 234 ? 0-999 Mobile Network Code (MNC) router#cellular 0 lte plmn select manual 234 10 ? gsm GSM lte LTE umts UMTS router#cellular 0 lte plmn select manual 234 10 gsm ?
The following example shows how to force a network selection:
router#cellular 0 lte plmn select force ? 0-999 Mobile Country Code (MCC) router#cellular 0 lte plmn select force 310 ? 0-999 Mobile Network Code (MNC) router#cellular 0 lte plmn select force 310 410 ? 2-3 MNC Digits Ex 23 means 2 Digits, 023 Means 3 Digits router#cellular 0 lte plmn select force 310 410 2 ? gsm GSM lte LTE umts UMTS router#cellular 0 lte plmn select force 310 410 2 l router#cellular 0 lte plmn select force 310 410 2 lte ?
Use show cellular 0 network command to verify the PLMN selection:
router#show cellular 0 network Current System Time = Fri Sep 18 18:53:25 2015 Current Service Status = Normal Current Service = Packet switched Current Roaming Status = Roaming Network Selection Mode = Manual Network = O2 - UK Mobile Country Code (MCC) = 234 Mobile Network Code (MNC) = 10 Packet switch domain(PS) state = Attached Location Area Code (LAC) = 4931 Cell ID = 34319 Available PLMNs: Idx MCC MNC RAT Desc 1 234 10 umts O2 - UK 2 234 10 gsm O2 - UK 3 234 20 umts 3 UK 4 234 30 umts EE 5 234 15 gsm voda UK 6 234 33 gsm EE 7 234 20 lte 3 UK 8 234 30 gsm EE 9 234 15 umts voda UK 10 234 30 lte EE 11 234 10 lte O2 - UK 12 234 15 lte voda UK router#show cellular 0 radio Radio power mode = ON Channel Number = 122 Current Band = GSM 900 Extended Current RSSI = -48 dBm Current ECIO = -127 dBm Radio Access Technology(RAT) Preference = GSM Radio Access Technology(RAT) Selected = EDGE
06-05-2019 07:44 AM
06-05-2019 03:34 AM
Hello,
do you need this router to access the Internet directly, or does the Internet access go through the other end of the VPN ?
I have changed your configuration (changes/additions marked in bold), see if that makes a difference. Typically, the VPN access list specifies traffic from your local LAN to the remote LAN on the other end. Since I don't know what your remote LAN is, I have marked it as x.x.x.x y.y.y.y):
Current configuration : 4640 bytes
!
version 15.5
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname router
!
boot-start-marker
boot-end-marker
!
no logging console
!
aaa new-model
!
aaa authentication login default local
aaa authentication enable default enable
aaa authorization exec default local
!
aaa session-id common
ethernet lmi ce
clock timezone gmt 0 0
clock summer-time gmt recurring
!
no ip domain lookup
ip domain name mycompany.local
ip name-server 10.11.2.5
ip name-server 8.8.8.8
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
chat-script lte "" "AT!CALL" TIMEOUT 20 "OK"
!
license udi pid C881G-4G-GA-K9 sn FCZ2104E1GY
!
object-group network HGL-IPs
host xx.xx.140.115
host xx.xx.136.202
host xx.xx.55.162
host xx.xx.51.246
!
username administrator privilege 15 secret 5 $1$XhIZ$31LWqasCpbR64BrWYXi/A/
!
controller Cellular 0
lte sim data-profile 1 attach-profile 1 slot 0
lte modem link-recovery rssi onset-threshold -110
lte modem link-recovery monitor-timer 20
lte modem link-recovery wait-timer 10
lte modem link-recovery debounce-count 6
no cdp run
!
crypto logging session
crypto logging ezvpn
!
crypto isakmp policy 1
encr aes
authentication pre-share
group 2
crypto isakmp key lollerskates address 81.128.136.202
crypto isakmp keepalive 10 periodic
!
crypto ipsec security-association lifetime kilobytes 5000000
crypto ipsec security-association lifetime seconds 8640
!
crypto ipsec transform-set TS esp-aes esp-sha-hmac
mode tunnel
crypto ipsec fragmentation after-encryption
!
crypto map VPN-TO-HQ 10 ipsec-isakmp
set peer 81.128.136.202
set transform-set TS
match address VPN-TRAFFIC
!
interface Cellular0
description Primary cellular WAN link
ip address negotiated
ip nat outside
--> no ip access-group LOCKDOWN-IN in
--> no ip access-group LOCKDOWN-OUT out
encapsulation slip
dialer in-band
dialer string lte
dialer-group 1
async mode interactive
crypto map VPN-TO-HQ
routing dynamic
!
interface Cellular1
no ip address
encapsulation slip
!
interface FastEthernet0
switchport access vlan 109
no ip address
!
interface FastEthernet1
switchport access vlan 109
no ip address
!
interface FastEthernet2
switchport access vlan 109
no ip address
!
interface FastEthernet3
switchport access vlan 109
no ip address
!
interface FastEthernet4
no ip address
shutdown
duplex auto
speed auto
!
interface Vlan1
no ip address
shutdown
!
interface Vlan109
ip address 10.11.109.254 255.255.255.0
ip helper-address 10.11.202.1
ip nat inside
no ip proxy-arp
ip nbar protocol-discovery
ip tcp adjust-mss 1452
load-interval 30
!
interface Dialer1
ip address negotiated
encapsulation slip
dialer pool 1
dialer idle-timeout 0
dialer string lte
dialer persistent
dialer-group 1
!
no ip forward-protocol nd
no ip http server
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat inside source list 101 interface Cellular0 overload
!
ip route 0.0.0.0 0.0.0.0 Cellular0
!
ip ssh version 2
ip ssh server algorithm encryption aes128-ctr aes192-ctr aes256-ctr
ip ssh client algorithm encryption aes128-ctr aes192-ctr aes256-ctr
!
access-list 101 deny ip 10.11.109.0 x.x.x.x y.y.y.y
access-list 101 permit ip 10.11.109.0 0.0.0.255 any
!
ip access-list extended LOCKDOWN-IN
permit udp any any eq bootps
permit udp any any eq bootpc
permit gre object-group HGL-IPs any
permit esp object-group HGL-IPs any
permit ahp object-group HGL-IPs any
permit ip object-group HGL-IPs any
ip access-list extended LOCKDOWN-OUT
permit udp any any eq bootps
permit udp any any eq bootpc
permit udp any object-group HGL-IPs
permit ahp any object-group HGL-IPs
permit esp any object-group HGL-IPs
permit gre any object-group HGL-IPs
permit ip any object-group HGL-IPs
ip access-list extended VPN-TRAFFIC
permit ip 10.11.109.0 0.0.0.255 x.x.x.x y.y.y.
!
dialer-list 1 protocol ip permit
!
snmp-server community hgp-ro RO
snmp-server location Roaming Router
snmp-server contact Group IT
snmp-server chassis-id router
!
control-plane
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
line con 0
privilege level 15
no modem enable
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
stopbits 1
line 3
script dialer lte
no exec
line 8
no exec
line vty 0 4
exec-timeout 1440 0
privilege level 15
transport input ssh
line vty 5 15
exec-timeout 1440 0
privilege level 15
transport input ssh
!
scheduler allocate 20000 1000
ntp server ntp.mycompany.local source Cellular0
!
end
06-05-2019 07:46 AM
06-05-2019 08:46 AM
Hello,
x.x.x.x y.y.y.y should be the subnet of the LAN on the other side of the VPN. You router is connected to something at the other end (the device with IP address 81.x.x.202), that device has a LAN configured. Make sure the access list on that other device is exactly the same as on the router of which you have posted the config...
06-05-2019 08:48 AM
Hello,
have you tried to delete and recreate the profile ?
Router#cellular 0 lte profile delete 1
Router#cellular 0 lte profile create 1
07-10-2019 03:51 AM
I've left this for some time and come back to it in the hopes that it would start working after resting my eyes and brain but I still am in the same position.
I try to delete the profile and it won't delete, just keeps appearing.
Current System Time = Wed Jul 10 10:20:52 2019
Current Service Status = No service
Current Service = Unknown
Current Roaming Status = Roaming
Network Selection Mode = Automatic
Network =
Mobile Country Code (MCC) = 234
Mobile Network Code (MNC) = 15
Packet switch domain(PS) state = Not attached
Location Area Code (LAC) = 0
Cell ID = 0
Available PLMNs at : 11:17:29 gmt Wed Jul 10 2019
Idx MCC MNC RAT Desc
1 234 15 umts voda UK
2 234 20 lte 3 UK
3 234 30 gsm EE
4 234 15 lte voda UK
5 234 10 lte O2 - UK
6 234 32 lte EE
7 234 10 umts O2 - UK
8 234 15 gsm voda UK
9 234 30 lte EE
10 234 10 gsm O2 - UK
I still cannot get it to display the network name or manually set it. It just ignores whatever I tell it do :(
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide