10-15-2019 08:35 AM
Hello
I am new to this type of config and I am working with a Verizon 4g LTE EHWIC installed into a ISR 1921 and configured with dynamic IP via SIM card. I have had success with getting the 1921 to work on its own and no flapping but when I put this in front of the ISR 4331 off the G0/0/1 port to failover I get the Cellular interface on the ISR 1921 flapping. I read in the docs that if the Carrier does not see what it needs stated in the docs below (as I understand it the IP of the Verizon IP) then it resets the connection. I have this NAT'd and I used a route-map Any help would be greatly appreciated.
Here is what I have tried
When connected it does work but then the Cellular WAN goes down.
I am not sure if the double NAT is causing this however it shouldn't if the main LAN subnet on the 4331 is 10.10.111.0 and nated out to the same subnet as the 1921
So here is the config on the 1921
Cellular Config NAPLES1921#sh cellular 0/0/0 all Hardware Information ==================== Modem Firmware Version = SWI9600M_03.05.10.06 Modem Firmware built = 2012/11/12 15:07:45 Hardware Version = 20 International Mobile Subscriber Identity (IMSI) = 311480524391911 International Mobile Equipment Identity (IMEI) = <removed on Purpose) Integrated Circuit Card ID (ICCID) = 89148000005353118375 Mobile Subscriber International Subscriber IDentity Number (MSISDN) = 19542904072 Profile Information ==================== Profile 1 = ACTIVE* -------- PDP Type = IPv4 PDP address = 100.106.25.102 Access Point Name (APN) = VZWINTERNET Authentication = Unknown Username: Password: Primary DNS address = 198.224.179.135 Secondary DNS address = 198.224.180.135 * - Default profile Data Connection Information =========================== Data Transmitted = 1000 bytes, Received = 960 bytes Profile 1, Packet Session Status = ACTIVE IP address = 100.106.25.102 Primary DNS address = 198.224.179.135 Secondary DNS address = 198.224.180.135 Profile 2, Packet Session Status = INACTIVE Inactivity Reason = Unknown Profile 3, Packet Session Status = INACTIVE Inactivity Reason = Unknown Profile 4, Packet Session Status = INACTIVE Inactivity Reason = Unknown Profile 5, Packet Session Status = INACTIVE Inactivity Reason = Unknown Profile 6, Packet Session Status = INACTIVE Inactivity Reason = Unknown Profile 7, Packet Session Status = INACTIVE Inactivity Reason = Unknown Profile 8, Packet Session Status = INACTIVE Inactivity Reason = Unknown Profile 9, Packet Session Status = INACTIVE Inactivity Reason = Unknown Profile 10, Packet Session Status = INACTIVE Inactivity Reason = Unknown Profile 11, Packet Session Status = INACTIVE Inactivity Reason = Unknown Profile 12, Packet Session Status = INACTIVE Inactivity Reason = Unknown Profile 13, Packet Session Status = INACTIVE Inactivity Reason = Unknown Profile 14, Packet Session Status = INACTIVE Inactivity Reason = Unknown Profile 15, Packet Session Status = INACTIVE Inactivity Reason = Unknown Profile 16, Packet Session Status = INACTIVE Inactivity Reason = Unknown Network Information =================== Current Service Status = Normal Current Service = Packet switched Current Roaming Status = Home Network Selection Mode = Automatic Mobile Country Code (MCC) = 311 Mobile Network Code (MNC) = 480 Packet switch domain(PS) state = Attached Registration(EMM) state = Registered Radio Information ================= Radio power mode = ON Current RSSI = -63 dBm LTE Technology Preference = AUTO LTE Technology Selected = LTE Modem Security Information ========================== Card Holder Verification (CHV1) = Disabled SIM Status = OK SIM User Operation Required = None Number of CHV1 Retries remaining = 3 Error Information ================= This command is not supported on 4G modems. Modem Crashdump Information ===========================
Here is the Router Config
Current 1921 config Building configuration... Current configuration : 5092 bytes ! ! version 15.2 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname NAPLES1921 ! boot-start-marker boot-end-marker ! ! ! no aaa new-model ! ip cef ! ! ! ip dhcp excluded-address 192.168.1.1 ip dhcp excluded-address 192.168.1.254 ip dhcp excluded-address 192.168.1.170 ! ip dhcp pool MAIN-LAN network 192.168.1.0 255.255.255.0 dns-server 1.1.1.1 8.8.8.8 default-router 192.168.1.1 lease 7 ! ! ! ip domain name naples.local no ipv6 cef ! multilink bundle-name authenticated ! chat-script ltescript "" "AT!CALL1" TIMEOUT 20 "OK" ! ! license udi pid CISCO1921/K9 sn FTX17418490 license boot module c1900 technology-package securityk9 ! ! ! redundancy ! ! ! ! ! controller Cellular 0/0 ! ! class-map type inspect match-any WAN_SELFCMAP description Self Zone Protection INTO Router match access-group name WAN_SELF class-map type inspect match-any SELF_WANCMAP description Self Zone Protection OUT Router match access-group name SELF_WAN class-map type inspect match-any LAN-WANCMAP description Main Corporate LAN match protocol tcp match protocol udp match protocol icmp class-map type inspect match-any GUEST_WANCMAP description Guest Network WiFi match protocol http match protocol https match protocol dns match protocol icmp class-map type inspect match-any WAN_MAINLAN-CMAP match access-group name WAN_LAN ! policy-map type inspect WAN_SELF description Control Plane Protection Self INTO Router class type inspect WAN_SELFCMAP pass class class-default drop policy-map type inspect LAN-WANPMAP description Corporate LAN OUT TO WAN class type inspect LAN-WANCMAP inspect class class-default drop policy-map type inspect WAN_MAINLAN-PMAP class type inspect WAN_MAINLAN-CMAP inspect class class-default drop policy-map type inspect SELF_WANPMAP description Control PLane Protection OUT of Router class type inspect SELF_WANCMAP pass class class-default drop policy-map type inspect GUEST_WANPMAP description Guest Network OUT to WAN class type inspect GUEST_WANCMAP inspect class class-default drop ! zone security WAN description WAN INTRFACES zone security MAIN-LAN description Main Corporate LAN zone security GUEST-LAN description Guest Network LAN zone-pair security WAN-TO-SELF source WAN destination self description WAN TO SELF PROTECTION service-policy type inspect WAN_SELF zone-pair security SELF-TO-WAN source self destination WAN description SELF TO WAN PERMITTED TRAFFIC service-policy type inspect SELF_WANPMAP zone-pair security MAINLAN-WAN source MAIN-LAN destination WAN description MAIN-LAN To WAN INTERFACES service-policy type inspect LAN-WANPMAP zone-pair security GUESTLAN-WAN source GUEST-LAN destination WAN description GUEST LAN TO WAN INTERFACES service-policy type inspect GUEST_WANPMAP ! ! ! ! ! ! ! ! ! interface Embedded-Service-Engine0/0 no ip address shutdown ! interface GigabitEthernet0/0 ip address dhcp no ip unreachables no ip proxy-arp ip nat outside ip virtual-reassembly in zone-member security WAN shutdown duplex auto speed auto ! interface GigabitEthernet0/1 ip address 192.168.1.1 255.255.255.0 ip nat inside ip virtual-reassembly in zone-member security MAIN-LAN ip tcp adjust-mss 1300 ip policy route-map clear-df duplex auto speed auto ! interface Cellular0/0/0 ip address negotiated no ip unreachables ip nat outside ip virtual-reassembly in zone-member security WAN encapsulation slip load-interval 30 dialer in-band dialer idle-timeout 0 dialer string ltescript dialer watch-group 1 async mode interactive ! ip forward-protocol nd ! no ip http server no ip http secure-server ! ip nat inside source route-map BACKUP interface Cellular0/0/0 overload ip route 0.0.0.0 0.0.0.0 Cellular0/0/0 ip route 10.10.111.0 255.255.255.0 192.168.1.170 ! ip access-list extended SELF_WAN permit icmp any any echo permit udp any any eq bootps permit udp any any eq domain deny ip any any ip access-list extended WAN_LAN deny ip any any ip access-list extended WAN_SELF permit icmp any any echo-reply permit udp any any eq bootpc permit udp any eq domain any deny ip any any ! access-list 100 permit ip any any dialer watch-list 1 ip 4.5.7.8 0.0.0.0 dialer watch-list 1 delay route-check initial 60 dialer watch-list 1 delay connect 1 ! route-map BACKUP permit 10 match ip address 100 match interface Cellular0/0/0 ! route-map clear-df permit 10 set ip df 0 ! ! ! control-plane ! ! ! line con 0 exec-timeout 30 0 logging synchronous login local line aux 0 line 2 no activation-character no exec transport preferred none transport output pad telnet rlogin lapb-ta mop udptn v120 ssh stopbits 1 line 0/0/0 script dialer ltescript modem InOut no exec transport input telnet rxspeed 100000000 txspeed 50000000 line vty 0 4 exec-timeout 30 0 logging synchronous login local transport input ssh ! scheduler allocate 20000 1000 ! end
Thank you
Joseph
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide