10-22-2020 11:15 AM
We have 3 IR809s that previously worked, had Verizon SIMs from private APN. The cellular was used as a backup interface, and all 3 now have their cellular as down. All 3 list the profile as inactive:
Profile 3 = INACTIVE*
--------
PDP Type = IPv4
Access Point Name (APN) = S****.VZWENTP
Authentication = None
Config:
controller Cellular 0
lte sim data-profile 3 attach-profile 1 slot 0
lte modem link-recovery rssi onset-threshold -110
lte modem link-recovery monitor-timer 20
lte modem link-recovery wait-timer 10
lte modem link-recovery debounce-count 6
!
interface Cellular0
no ip address
ip access-group 199 out
ip accounting output-packets
ip flow egress
ip nat outside
ip virtual-reassembly in
encapsulation slip
load-interval 30
dialer in-band
dialer pool-member 1
dialer-group 1
no peer default ip address
async mode interactive
routing dynamic
!
interface Dialer1
ip address negotiated
ip access-group 199 out
ip accounting output-packets
ip flow egress
ip nat outside
ip virtual-reassembly in
encapsulation slip
dialer pool 1
dialer idle-timeout 0
dialer string lte
dialer persistent
dialer-group 1
!
ip route 10.xx.xx.0 255.255.255.128 Dialer1
!
access-list 199 permit ip host 10.xx.xx.1 any
access-list 199 deny ip any any log
Doing command sh cellular 0 all gives one thing interesting, but I do not know nearly enough to know if it means anything:
Configured default profile for active SIM 0 is profile 3.
Data Connection Information
===========================
Profile 3, Packet Session Status = INACTIVE
Call end mode = unknown technology
Session disconnect reason type = unknown reason type(0)
Session disconnect reason = unknown reason(0)
I do not know if this is A.) configuration or misconfigured cellular interface or B.) change on Verizon's end. I have about 0 experience with Cisco & cellular, so am at a loss on what to look for or how to resolve.
10-22-2020 11:38 AM
Hello,
I don't know what the rest of your configuration looks like, but get rid of the dialer interface altogether, and try the basic configuration below:
chat-script lte "" "AT!CALL" TIMEOUT 10 "OK"
!
controller Cellular 0
lte sim data-profile 3 attach-profile 1 slot 0
lte modem link-recovery rssi onset-threshold -110
lte modem link-recovery monitor-timer 20
lte modem link-recovery wait-timer 10
lte modem link-recovery debounce-count 6
!
interface Cellular0
ip address negotiated
ip nat outside
ip virtual-reassembly in
encapsulation slip
load-interval 30
dialer in-band
dialer-group 1
no peer default ip address
async mode interactive
routing dynamic
!
interface Vlan 1
ip address 192.168.1.1 255.255.255.0
ip nat inside
!
ip route 0.0.0.0 0.0.0.0 Cellular0
!
ip nat inside source list 1 interface Cellular 0 overload
!
access-list 1 permit 192.168.1.0 0.0.0.255
!
line 3
script dialer lte
no exec
transport preferred lat pad telnet rlogin lapb-ta mop udptn v120 ssh
transport output lat pad telnet rlogin lapb-ta mop udptn v120 ssh
rxspeed 150000000
txspeed 50000000
10-22-2020 12:31 PM
Thank you George for replying. Here is the config minus crypto and tunnel sections:
chat-script lte "" "AT!CALL" TIMEOUT 20 "OK"
!
controller Cellular 0
lte sim data-profile 3 attach-profile 1 slot 0
lte modem link-recovery rssi onset-threshold -110
lte modem link-recovery monitor-timer 20
lte modem link-recovery wait-timer 10
lte modem link-recovery debounce-count 6
!
track 10 ip sla 1 reachability
!
track 11 ip sla 2 reachability
!
interface Loopback1
ip address 172.20.151.1 255.255.255.248
!
interface GigabitEthernet0
ip address 192.10.1.1 255.255.255.240
ip accounting output-packets
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet1
ip address 10.20.1.1 255.255.255.0
ip accounting output-packets
duplex auto
speed auto
!
interface Cellular0
ip address negotiated
ip access-group 199 out
ip accounting output-packets
ip flow egress
ip nat outside
ip virtual-reassembly in
encapsulation slip
load-interval 30
dialer in-band
dialer idle-timeout 0
dialer-group 1
no peer default ip address
async mode interactive
routing dynamic
!
dialer watch-list 1 ip 172.20.151.1 255.255.255.255
dialer watch-list 1 delay route-check initial 30
dialer watch-list 1 delay connect 1
dialer-list 1 protocol ip permit
!
access-list 199 permit ip host 10.170.191.1 any
access-list 199 deny ip any any log
!
line con 0
stopbits 1
line 1 2
stopbits 1
line 3
script dialer lte
no exec
transport preferred lat pad telnet rlogin lapb-ta mop udptn v120 ssh
transport input ssh
transport output ssh
speed 144000
line 8
no exec
transport preferred lat pad telnet rlogin lapb-ta mop udptn v120 ssh
transport output lat pad telnet rlogin lapb-ta mop udptn v120 ssh
line 1/3 1/6
transport preferred none
transport output none
stopbits 1
line vty 0 4
session-timeout 60 output
access-class TerminalAccess in
login local
transport input ssh
!
no scheduler max-task-time
The modem's function was to connect over radio connect to GE 0, when reception was lost it would switch over to cellular. This did work for several years, and whenever radio reception was lost it would fail over to cellular, I would get notifications and would see traffic flowing through the cell, and no telemetry was lost.
10-22-2020 01:27 PM
Hello,
Seeing only the partial config makes it hard to tell if anything is missing. Can you post the full (show run) configuration?
10-22-2020 01:44 PM
Sorry, here is the config:
CTU#sh run
Building configuration...
Current configuration : 9198 bytes
!
!
version 15.6
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname CTU
!
boot-start-marker
boot system flash:/ir800-universalk9-mz.SPA.156-3.M2
boot-end-marker
!
!
!
no aaa new-model
clock timezone CST -6 0
clock summer-time CDT recurring
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
ip domain name xxxxxxxxxxxx.com
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
chat-script lte "" "AT!CALL" TIMEOUT 20 "OK"
!
crypto pki trustpoint TP-self-signed-422713650
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-422713650
revocation-check none
rsakeypair TP-self-signed-422713650
!
!
crypto pki certificate chain TP-self-signed-422713650
certificate self-signed 01
quit
license udi pid IR809G-LTE-VZ-K9 sn FCW2118003T
!
!
object-group network obj-10.XX.XX.0
10.XX.XX.0 255.255.255.0
!
object-group network obj-10.20.1.0
10.20.1.0 255.255.255.0
!
object-group network obj-172.31.20.0
172.31.20.0 255.255.255.240
!
username YYYY privilege 15 password 7 YYYY
username XXXX privilege 15 password 7 XXXX
!
redundancy
!
!
!
!
!
controller Cellular 0
lte sim data-profile 3 attach-profile 1 slot 0
lte modem link-recovery rssi onset-threshold -110
lte modem link-recovery monitor-timer 20
lte modem link-recovery wait-timer 10
lte modem link-recovery debounce-count 6
!
track 10 ip sla 1 reachability
!
track 11 ip sla 2 reachability
!
!
!
crypto isakmp policy 1
encr aes
authentication pre-share
group 14
crypto isakmp key 22!M@ address 192.10.1.2
crypto isakmp key 22!M@ address 192.10.1.3
crypto isakmp key 22!M@ address 10.170.XX.2
crypto isakmp key 22!M@ address 10.170.XX.3
!
!
crypto ipsec transform-set T1 esp-aes esp-sha-hmac
mode tunnel
!
crypto ipsec profile IPSEC
set transform-set T1
!
!
!
!
!
!
!
interface Loopback1
ip address 172.20.151.1 255.255.255.248
!
interface Tunnel0
ip address 172.10.1.1 255.255.255.248
ip tcp adjust-mss 1360
load-interval 30
tunnel source 192.10.1.1
tunnel mode ipsec ipv4
tunnel destination 192.10.1.2
tunnel protection ipsec profile IPSEC
!
interface Tunnel1
ip address 172.20.1.1 255.255.255.248
ip tcp adjust-mss 1360
load-interval 30
tunnel source 10.170.XX.1
tunnel mode ipsec ipv4
tunnel destination 10.170.XX.2
tunnel protection ipsec profile IPSEC
!
interface Tunnel2
ip address 172.30.1.1 255.255.255.248
ip tcp adjust-mss 1360
load-interval 30
tunnel source 192.10.1.1
tunnel mode ipsec ipv4
tunnel destination 192.10.1.3
tunnel protection ipsec profile IPSEC
!
interface Tunnel3
ip address 172.40.1.1 255.255.255.248
ip tcp adjust-mss 1360
load-interval 30
tunnel source 10.170.191.1
tunnel mode ipsec ipv4
tunnel destination 10.170.XX.3
tunnel protection ipsec profile IPSEC
!
interface GigabitEthernet0
ip address 192.10.1.1 255.255.255.240
ip accounting output-packets
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet1
ip address 10.20.1.1 255.255.255.0
ip accounting output-packets
duplex auto
speed auto
!
interface Wpan2
no ip address
ieee154 txpower 25
no ieee154 fec-off
!
interface GigabitEthernet2
no ip address
shutdown
duplex auto
speed auto
!
interface Cellular0
ip address negotiated
ip access-group 199 out
ip accounting output-packets
ip nat outside
ip virtual-reassembly in
encapsulation slip
load-interval 30
dialer in-band
dialer idle-timeout 0
dialer-group 1
no peer default ip address
async mode interactive
routing dynamic
!
interface Cellular1
no ip address
encapsulation slip
!
interface Async0
no ip address
encapsulation scada
!
interface Async1
no ip address
encapsulation scada
!
!
!
router eigrp 1
network 10.20.1.0 0.0.0.7
network 10.170.XX.0 0.0.0.127
network 192.10.1.0 0.0.0.15
!
ip forward-protocol nd
!
no ip http server
ip http authentication local
ip http secure-server
!
ip nat inside source list 2 interface Cellular0 overload
ip route 10.20.2.0 255.255.255.248 Tunnel0 track 10
ip route 10.20.3.0 255.255.255.248 Tunnel2 track 11
ip route 10.20.2.0 255.255.255.248 Tunnel1 20
ip route 10.20.3.0 255.255.255.248 Tunnel3 20
ip route 128.138.140.44 255.255.255.255 10.20.1.254
ip route 184.105.192.247 255.255.255.255 10.20.1.254
ip ssh server algorithm encryption aes128-ctr aes192-ctr aes256-ctr
ip ssh client algorithm encryption aes128-ctr aes192-ctr aes256-ctr
!
ip access-list extended TerminalAccess
permit tcp host 10.20.2.1 any eq 22
permit tcp host 10.20.3.1 any eq 22
permit tcp object-group obj-10.XX.XX.0 any eq 22
permit tcp object-group obj-10.20.1.0 any eq 22
permit tcp object-group obj-172.31.20.0 any eq 22
!
ip sla 1
icmp-echo 192.10.1.2 source-ip 192.10.1.1
ip sla schedule 1 life forever start-time now
ip sla 2
icmp-echo 192.10.1.3 source-ip 192.10.1.1
ip sla schedule 2 life forever start-time now
logging trap debugging
logging source-interface GigabitEthernet1
logging host 10.XX.XX.151 transport udp port 1516
dialer watch-list 1 ip 172.20.151.1 255.255.255.255
dialer watch-list 1 delay route-check initial 30
dialer watch-list 1 delay connect 1
dialer-list 1 protocol ip permit
ipv6 ioam timestamp
!
!
snmp-server community public RO 99
snmp-server trap-source GigabitEthernet1
snmp-server location LaSalle, IL
snmp-server contact XXXXXXXXXXX
snmp-server enable traps c3g
snmp-server enable traps LTE
snmp-server enable traps wpan
snmp-server enable traps envmon
snmp-server enable traps config
snmp-server enable traps event-manager
snmp-server enable traps ipsla
snmp-server enable traps alarms informational
snmp-server host 10.XX.XX.150 version 2c public event-manager ipsla
snmp-server host 10.XX.XX.151 version 2c public config event-manager ipsla
snmp-server host 10.XX.XX.220 version 2c public
access-list 1 permit any
access-list 2 permit 10.20.1.0 0.0.0.255
access-list 10 permit 10.20.1.0 0.0.0.7
access-list 10 permit 10.20.2.0 0.0.0.7
access-list 10 permit 10.20.3.0 0.0.0.7
access-list 10 permit 192.10.1.0 0.0.0.15
access-list 99 permit 10.XX.XX.150
access-list 99 permit 10.XX.XX.151
access-list 99 permit 10.XX.XX.152
access-list 100 permit ip any any
access-list 199 permit ip host 10.170.XX.1 any
access-list 199 deny ip any any log
!
control-plane
!
!
!
!
line con 0
stopbits 1
line 1 2
stopbits 1
line 3
script dialer lte
no exec
transport preferred lat pad telnet rlogin lapb-ta mop udptn v120 ssh
transport input ssh
transport output ssh
speed 144000
line 8
no exec
transport preferred lat pad telnet rlogin lapb-ta mop udptn v120 ssh
transport output lat pad telnet rlogin lapb-ta mop udptn v120 ssh
line 1/3 1/6
transport preferred none
transport output none
stopbits 1
line vty 0 4
session-timeout 60 output
access-class TerminalAccess in
login local
transport input ssh
!
no scheduler max-task-time
ntp server 10.XX.XX.220
ntp server 184.105.192.247
iox client enable interface GigabitEthernet2
!
!
!
!
!
event manager applet ipsla-up
event snmp oid 1.3.6.1.4.1.9.9.42.1.2.10.1.2.1 get-type exact entry-op eq entry-val "1" exit-op ne exit-val "1" poll-interval 10
!
end
CTU#
10-22-2020 02:35 PM
Hello,
I don't know why there is a dialer watch and a dialer group, as the dialer watch doesn't appear to be in use. Either way, try to use the dialer watch:
interface Cellular0
ip address negotiated
ip access-group 199 out
ip accounting output-packets
ip nat outside
ip virtual-reassembly in
encapsulation slip
load-interval 30
dialer in-band
dialer idle-timeout 0
--> no dialer-group 1
--> dialer watch-group 1
no peer default ip address
async mode interactive
routing dynamic
10-23-2020 04:51 AM
No luck, although the interface no longer shows as down which I assume is due to the dialer watch list?
Cellular0 unassigned YES manual up up
I changed the interface back to 'no ip address'. The SIM has a static IP assigned, though I never have actually configured the IP on these interfaces before (would be confused as to why or that could change). The initial config ran for several years on 3 modems, with an additional that was used for testing though the cellular interface was only used for brief time.
sh run interface cellular 0
Building configuration...
Current configuration : 307 bytes
!
interface Cellular0
no ip address
ip access-group 199 out
ip accounting output-packets
ip nat outside
ip virtual-reassembly in
encapsulation slip
load-interval 30
dialer in-band
dialer idle-timeout 0
dialer watch-group 1
no peer default ip address
async mode interactive
routing dynamic
end
Has something possibly changed with Verizon, and/or compatibility of this configuration, that prevents it from connecting to the APN? Another problem I seem to be having is that, setting debug for chat and dialer, I see nothing logged. This was not the case when I started, as I was seeing the "Di1: No free dialer" messages. I have manually shut and no shut the cellular 0 interface; is it maybe something I am missing to kick start this?
10-23-2020 09:53 AM
Hello,
What if you take the access list off the interface?
interface Cellular0
no ip address
--> no ip access-group 199 out
ip accounting output-packets
ip nat outside
ip virtual-reassembly in
encapsulation slip
load-interval 30
dialer in-band
dialer idle-timeout 0
dialer watch-group 1
no peer default ip address
async mode interactive
routing dynamic
10-23-2020 10:20 AM
The access list was actually advised by Cisco a few years back as a means to prevent Verizon's APN seeing traffic not sourced from the cellular or something along that line. Regardless, removing it had no effect. It was permitting just the static IP that the APN provides and denying any other traffic. Unless someone on Verizon's side accidentally put these SIMs in a different pool, the 10.170.xx.1 permitted address should be OK.
I did contact VZW this morning and the 3 modems (all IR809s) which are offline are not blocked or anything from their end. The IR809s for whatever reason just stopped working, no longer connecting to APN, profile is "INACTIVE", and none are retrieving their IP address (which is static assigned from the APN).
Frustrating part is this seemingly worked fine for a few years and just stopped unexpectedly on its own.
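The source-address filter described in the post above, as an added example that is not part of the original thread: a small first-match evaluator for `access-list 199` showing which source addresses would be permitted out of Cellular0 and which would hit the logged deny. The permitted host 10.170.191.1 is taken from the posted config; the other addresses, including the "different pool" address 10.171.0.5, are constructed, and the code models only ACL match logic, not NAT or router-originated traffic.

```python
import ipaddress
import re

# ACL 199 as posted in the thread (permitted host = the SIM's static APN address).
ACL_199 = """\
access-list 199 permit ip host 10.170.191.1 any
access-list 199 deny ip any any log
"""

_ENTRY = re.compile(
    r"access-list\s+(?P<num>\d+)\s+(?P<action>permit|deny)\s+ip\s+"
    r"(?P<src>host\s+\S+|any|\S+\s+\S+)\s+(?P<dst>host\s+\S+|any|\S+\s+\S+)"
    r"(?P<log>\s+log)?\s*$"
)

def _matcher(spec):
    """Turn 'any', 'host A' or 'A WILDCARD' into a predicate on an IPv4 address."""
    parts = spec.split()
    if parts == ["any"]:
        return lambda ip: True
    if parts[0] == "host":
        base, wild = int(ipaddress.IPv4Address(parts[1])), 0
    else:
        base, wild = (int(ipaddress.IPv4Address(p)) for p in parts)
    care = ~wild & 0xFFFFFFFF  # wildcard bits set to 1 are "don't care"
    return lambda ip: (int(ip) & care) == (base & care)

def parse_acl(text):
    """Parse extended 'ip' ACL lines into (action, src_pred, dst_pred, log, line)."""
    entries = []
    for line in text.splitlines():
        m = _ENTRY.match(line.strip())
        if m:
            entries.append((m["action"], _matcher(m["src"]), _matcher(m["dst"]),
                            bool(m["log"]), line.strip()))
    return entries

def evaluate(entries, src, dst):
    """First match wins; an IOS ACL ends with an implicit deny."""
    s, d = ipaddress.IPv4Address(src), ipaddress.IPv4Address(dst)
    for action, src_ok, dst_ok, log, line in entries:
        if src_ok(s) and dst_ok(d):
            return action, log, line
    return "deny", False, "(implicit deny)"

def egress_report(acl_text, sources, dst="192.0.2.10"):
    """Map each candidate source address to (action, logged)."""
    entries = parse_acl(acl_text)
    return {src: evaluate(entries, src, dst)[:2] for src in sources}

if __name__ == "__main__":
    # Constructed cases: expected static address, a LAN host, a different pool address.
    for src, verdict in egress_report(
            ACL_199, ["10.170.191.1", "10.20.1.50", "10.171.0.5"]).items():
        print(src, verdict)
```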
10-24-2020 12:22 PM
Hello,
Based on your last post, and since three 809s are suddenly not working anymore, I would ask Verizon to test if they can ping the assigned IP addresses if you statically configure them on your routers. After all, it does sound like something has been altered on the Verizon side.
At the very least, configure the addresses statically, and see if you can ping them from an external address.