
IR1101 Verizon cellular - IP obtained, but no traffic on cell

TRENT WAITE
Level 1

I have an IR1101 that previously worked when doing testing. Then the router/modem sat on a shelf for a couple of years, and now I circle back to needing it again for a long-term test. Except the cellular is not working. Specifically, I can ping the cellular IP obtained from Verizon, statically assigned to that ICCID. But no outbound traffic, even when selecting the cellular 0/1/0 as the source (for a ping as an example).

I am already familiar with Verizon's policies and requirement for an ACL to block any traffic not using NAT out the cellular interface. Problem is I have that. Further frustrating is that I had saved the original configuration when this was working, and there is little to no change. I do remember at one point screwing around with the configuration for some test purposes that did impact the cellular connection, but these were configuration changes that have long since been removed (plus current running is almost 1:1 match of the old saved). 

I have no problem connecting to Verizon APN, no problem with Cellular0/1/0 obtaining its IP address, no problem connecting to the IR1101 via SSH. But pinging out to another router with debug on ICMP shows nothing being sent from the IR1101 (ping 10.1.1.50 source cellular0/1/0).

The one thing I do want to remark on, don't know if this is a change with Verizon or not. We primarily use Digi modems for cellular, and in years past with Verizon I would see the assigned IP address and that is it. In recent years on the Digi IX10s I noticed that the host address is assigned, and a gateway is assigned using the host address -1 (i.e. host ~60, gateway ~59).

boot-start-marker
boot system bootflash:ir1101-universalk9.17.07.01.SPA.bin
boot-end-marker
!
chat-script lte "" "AT!CALL" TIMEOUT 20 "OK"
!
no license feature hseck9
license udi pid IR1101-K9 sn FCW2452P2JX
license boot level network-advantage
memory free low-watermark processor 47762
!
diagnostic bootup level minimal
!
controller Cellular 0/1/0
 lte sim data-profile 3 attach-profile 3 slot 0
!
interface Loopback1
 ip address 10.20.7.1 255.255.255.248
!
interface GigabitEthernet0/0/0
 ip address 10.10.7.225 255.255.255.0
 ip nat inside
!
interface FastEthernet0/0/1
 switchport access vlan 2
!
interface FastEthernet0/0/2
 switchport access vlan 2
!
interface FastEthernet0/0/3
 switchport access vlan 2
 switchport trunk native vlan 2
 switchport mode access
!
interface FastEthernet0/0/4
 switchport access vlan 2
 switchport trunk native vlan 2
 switchport mode access
!
interface Cellular0/1/0
 description Primary_ 
 ip address negotiated
 ip nat outside
 ip access-group VZ_ip_ACL_only out
 ip tcp adjust-mss 1460
 load-interval 30
 dialer in-band
 dialer idle-timeout 0
 dialer watch-group 1
 dialer-group 1
 pulse-time 1
!
interface Cellular0/1/1
 no ip address
!
interface Vlan1
 no ip address
 ip nat inside
!
interface Vlan2
 ip address dhcp
 ip nat inside
!
interface Async0/2/0
 no ip address
 encapsulation scada
!
ip forward-protocol nd
ip nat inside source list NAT interface Cellular0/1/0 overload
ip route 10.1.1.0 255.255.255.0 Cellular0/1/0
ip route 10.170.202.0 255.255.255.0 Cellular0/1/0
ip route 0.0.0.0 0.0.0.0 Cellular0/1/0 dhcp
!
!
ip access-list standard NAT
 10 permit 10.20.7.0 0.0.0.7
 20 permit 10.10.7.0 0.0.0.255
!
ip access-list extended VZ_ip_ACL_only
 10 permit ip host 10.170.202.60 any
 20 deny   ip any any log
!
ip access-list extended 199
 10 permit ip host 10.170.202.60 any
dialer watch-list 1 ip 5.6.7.8 255.255.255.255
dialer watch-list 1 delay route-check initial 30
dialer watch-list 1 delay connect 1
dialer-list 1 protocol ip permit
!
line con 0
 stopbits 1
 speed 115200
line 0/0/0
line 0/2/0
line vty 0 4
 exec-timeout 20 0
 privilege level 15
 login local
 length 0
 transport input ssh
line vty 5 15
 exec-timeout 20 0
 privilege level 15
 login local
 transport input ssh

 

3 Replies

TRENT WAITE
Level 1

Well, this is both funny and embarrassing. Moments after I hit post, an idea came to me: the one thing I did not try, which of course is the one thing that resolved this.

Like I said, the current config matched the previous, which DID work. But something somewhere along the line over the past couple of years changed. 

Previous:

 

interface Cellular0/1/0
 ip address negotiated
 ip nat outside
 ip access-group 199 out
 !
ip access-list extended 199
 10 permit ip host 10.170.202.60 any
 20 deny   ip any any log

 

Working:

 

ip access-list extended 199
 10 permit ip host 10.170.202.60 any
 20 permit ip any host 10.170.202.60
 30 deny   ip any any log

 

All this needed now was one additional ACL to allow traffic to the cellular IP. This was not required previously on either the IR1101 or the 809s, but seems to be a recent change.
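An added illustration, not part of the thread or any poster's code: a small first-match evaluator run over the two versions of ACL 199 quoted above, showing which flows each version passes. It handles only `ip` entries with `any`, `host` and wildcard address forms; 10.10.7.20 is a constructed host in the inside subnet, and the flow list is constructed for the example.

```python
import ipaddress

PREVIOUS = """10 permit ip host 10.170.202.60 any
20 deny   ip any any log"""
WORKING = """10 permit ip host 10.170.202.60 any
20 permit ip any host 10.170.202.60
30 deny   ip any any log"""

def _take_addr(tokens):
    """Consume one IOS address spec and return (base, wildcard) as ints."""
    tok = tokens.pop(0)
    if tok == "any":
        return 0, 0xFFFFFFFF
    if tok == "host":
        return int(ipaddress.IPv4Address(tokens.pop(0))), 0
    return int(ipaddress.IPv4Address(tok)), int(ipaddress.IPv4Address(tokens.pop(0)))

def parse_acl(text):
    """Parse 'seq action ip src dst [log]' lines into entries sorted by sequence."""
    entries = []
    for line in text.strip().splitlines():
        tokens = line.split()
        seq, action, rest = int(tokens[0]), tokens[1], tokens[3:]
        src = _take_addr(rest)
        dst = _take_addr(rest)          # trailing options such as 'log' are ignored
        entries.append((seq, action, src, dst))
    return sorted(entries)

def _match(spec, addr):
    base, wild = spec                   # wildcard bits set to 1 mean "don't care"
    return (int(ipaddress.IPv4Address(addr)) | wild) == (base | wild)

def evaluate(acl_text, src, dst):
    """Return (action, matching sequence number); first match wins."""
    for seq, action, s, d in parse_acl(acl_text):
        if _match(s, src) and _match(d, dst):
            return action, seq
    return "deny", None                 # implicit deny at the end of every ACL

# Constructed flows: (source, destination, description)
FLOWS = [
    ("10.170.202.60", "10.1.1.50", "sourced from the cellular IP"),
    ("10.10.7.20", "10.1.1.50", "inside host, not translated"),
    ("10.1.1.50", "10.170.202.60", "destined to the cellular IP"),
]

if __name__ == "__main__":
    for src, dst, note in FLOWS:
        print(f"{src:>14} -> {dst:<14} previous={evaluate(PREVIOUS, src, dst)} "
              f"working={evaluate(WORKING, src, dst)}  ({note})")
```

Only the third flow changes between the two versions: it falls through to the logged deny in the previous list and matches sequence 20 in the working one, while un-translated inside sources are still dropped by both.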

 

10.170.202.60

Is this the IP the cellular interface gets from the ISP? If yes, then this IP changes from time to time, and applying an ACL to allow it is not a good choice.

MHM

 

10.x.x.x would be an IP used for Mobile Private Network with a custom APN. These IPs are usually static but cannot be accessed from the internet.
100.x.x.x are CGN (Carrier-Grade NAT) dynamic private IPs that are used on cellular networks.