ISR 2921 and EHWIC-4G-LT-VZ Keeps flapping and resetting intermittently

gnm1978
Level 1

Hello, I'm hoping that someone will help me. I'm setting up my 2929 router to use the cellular interface as a backup for my Comcast business internet. I tried a bunch of different ways but the cellular connection keeps flapping and resetting. Below is my configuration. I would really appreciate any kind of help. 

 

Current configuration : 5977 bytes
!
version 15.5
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Aladdin_Router
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$OF8N$85JJBhmo4uTlpbvxJzeHx1
!
aaa new-model
!
aaa session-id common
ethernet lmi ce
clock timezone GMT -6 0
clock summer-time CDT recurring
!
ip dhcp excluded-address 192.168.1.0 192.168.1.30
!
ip dhcp pool insideDHCP
network 192.168.1.0 255.255.255.0
dns-server 75.75.75.75 75.75.76.76 8.8.8.8
default-router 192.168.1.1
!
no ip domain lookup
ip domain name aladdinpita.com
ip cef
ipv6 unicast-routing
ipv6 dhcp pool insideDHCPv6
dns-server 2001:558:FEED::1
dns-server 2001:558:FEED::2
!
ipv6 cef
!
parameter-map type inspect V6-param-map
ipv6 routing-header-enforcement loose
sessions maximum 10000
multilink bundle-name authenticated
!
chat-script lte "" "AT!CALL" TIMEOUT 60 "OK"
!
license udi pid CISCO2921/K9 sn FGL194510BK
license boot suite FoundationSuiteK9
!
username gnm1978 privilege 15 secret 5 $1$kYEk$wReC/hCMDIqJaxrdhrz2t/
!
redundancy
!
controller Cellular 0/0
lte modem link-recovery rssi onset-threshold -110
lte modem link-recovery monitor-timer 20
lte modem link-recovery wait-timer 10
lte modem link-recovery debounce-count 6
!
track 234 ip sla 1 reachability
delay down 5 up 5
!
class-map type inspect match-any IN-TO-OUT-CLASS
match access-group name IN-TO-OUT-ACL
class-map type inspect match-any OUT-TO-IN-CLASS
match access-group name OUT-TO-IN-ACL
class-map type inspect match-any IN-TO-OUT-CLASS-IPV6
match access-group name IN-TO-OUT-ACL-IPV6
class-map type inspect match-any OUT-TO-IN-CLASS-IPV6
match access-group name OUT-TO-IN-ACL-IPV6
match protocol icmp
!
policy-map type inspect OUT-TO-IN-POLICY
class type inspect OUT-TO-IN-CLASS-IPV6
inspect
class type inspect OUT-TO-IN-CLASS
inspect
class class-default
drop log
policy-map type inspect IN-TO-OUT-POLICY
class type inspect IN-TO-OUT-CLASS-IPV6
inspect
class type inspect IN-TO-OUT-CLASS
inspect
class class-default
drop log
!
zone security OUTSIDE
zone security INSIDE
zone-pair security IN-TO-OUT source INSIDE destination OUTSIDE
service-policy type inspect IN-TO-OUT-POLICY
zone-pair security OUT-TO-IN source OUTSIDE destination INSIDE
service-policy type inspect OUT-TO-IN-POLICY
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
ip address 96.68.xx.xxx 255.255.255.252
ip nat outside
ip virtual-reassembly in
zone-member security OUTSIDE
duplex auto
speed auto
ipv6 address dhcp
ipv6 enable
ipv6 nd autoconfig default-route
ipv6 dhcp client pd hint ::/60
ipv6 dhcp client pd Comcast-Prefix
!
interface GigabitEthernet0/1
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
zone-member security INSIDE
duplex auto
speed auto
media-type rj45
ipv6 address Comcast-Prefix ::1/64
ipv6 address autoconfig
ipv6 enable
ipv6 dhcp server insideDHCPv6
!
interface GigabitEthernet0/2
no ip address
ip nat inside
ip virtual-reassembly in
shutdown
duplex auto
speed auto
!
interface Cellular0/0/0
ip address negotiated
ip nat outside
ip virtual-reassembly in
zone-member security OUTSIDE
encapsulation slip
dialer in-band
dialer string lte
dialer-group 1
async mode interactive
!
ip local policy route-map track-primary-if
ip forward-protocol nd
!
ip http server
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat inside source static tcp 192.168.1.12 1194 interface GigabitEthernet0/0 1194
ip nat inside source static tcp 192.168.1.13 943 interface GigabitEthernet0/0 943
ip nat inside source static tcp 192.168.1.13 443 interface GigabitEthernet0/0 443
ip nat inside source route-map nat2cell interface Cellular0/0/0 overload
ip nat inside source route-map nat2comcast interface GigabitEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 96.68.xxx.xxx 5 track 234
ip route 0.0.0.0 0.0.0.0 Cellular0/0/0 10
ip ssh time-out 60
ip ssh authentication-retries 2
!
ip access-list extended IN-TO-OUT-ACL
permit tcp any any
permit udp any any
permit icmp any any
permit tcp any any eq ftp
ip access-list extended OUT-TO-IN-ACL
permit udp host 54.67.127.248 any eq 5060
permit udp host 54.175.63.248 any eq 5060
permit udp host 216.115.69.144 any eq 5060
permit udp host 54.175.63.250 any
permit tcp any eq 443 0.0.0.0 192.168.1.7
permit udp any eq 443 0.0.0.0 192.168.1.7
permit udp any eq 902 0.0.0.0 192.168.1.7
permit tcp any eq 902 0.0.0.0 192.168.1.7
permit tcp any host 192.168.1.12 eq 1194
permit udp host 54.67.127.248 any
permit tcp any host 192.168.1.13 eq 943
permit tcp any host 192.168.1.13 eq 443
permit udp any host 192.168.1.13 eq 1194
!
ip sla 1
icmp-echo 96.68.xx.xxx source-ip 96.68.xx.xxx (next hop)
frequency 10
ip sla schedule 1 life forever start-time now
dialer-list 1 protocol ip list 101
!
route-map nat2comcast permit 10
match ip address 101
match interface GigabitEthernet0/0
!
route-map nat2cell permit 10
match ip address 101
match interface Cellular0/0/0
!
!
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
access-list 102 permit icmp any host 96.68.xx.xxx (next hop)
!
ipv6 access-list IN-TO-OUT-ACL-IPV6
permit ipv6 any any
permit icmp any any
!
ipv6 access-list OUT-TO-IN-ACL-IPV6
permit icmp any any
!
control-plane
!
vstack
!
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line 0/0/0
exec-timeout 0 0
script dialer lte
modem InOut
no exec
line vty 0 4
transport input ssh
!
scheduler allocate 20000 1000
ntp server pool.ntp.org
event manager applet NAT_ClEAR
event track 234 state any
action 0.0 cli command "enable"
action 1.0 cli command "clear ip nat trans *"
action 3.0 syslog msg "FAIL OVER JUST OCCURED"
!
end

3 Replies

Richard Burts
Hall of Fame

I have experienced symptoms like what you describe. They are typically caused by sending IP packets using the cellular interface where the source address is not the address negotiated for the cellular interface. So the first thing that I looked for was whether you were doing address translation for traffic going out the cellular interface. I found that you are using a route map which combines a match on the interface and a match on an ACL. That is good and usually works. So I looked for something that might send data out the cellular which would not match the ACL. I find that your IP SLA sends traffic specifying an IP address which is not in the network specified in the ACL:

ip sla 1
icmp-echo 96.68.xx.xxx source-ip 96.68.xx.xxx (next hop)

 

I suspect this is the cause of your problem. You either need to find a way to force IP SLA to only send traffic out the Ethernet interface or you need to expand the ACL to include this source address.

 

HTH

 

Rick
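
The check described in this reply, as an added example that is not part of the original thread: the script lists router-local source addresses that the ACL behind the cellular NAT route-map does not match. The sample configuration is constructed, with 203.0.113.x standing in for the masked 96.68.xx.xxx addresses, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed excerpt modelled on the posted configuration; 203.0.113.x stands in
# for the masked addresses. Sub-commands are indented as in `show running-config`.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 ip address 203.0.113.2 255.255.255.252
interface GigabitEthernet0/1
 ip address 192.168.1.1 255.255.255.0
ip nat inside source route-map nat2cell interface Cellular0/0/0 overload
ip sla 1
 icmp-echo 203.0.113.1 source-ip 203.0.113.2
route-map nat2cell permit 10
 match ip address 101
 match interface Cellular0/0/0
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
"""

def acl_sources(config, acl):
    """Source networks of a numbered ACL's 'permit ip' lines (any, host A, or A wildcard)."""
    pat = rf"^access-list {acl} permit ip (any|host \S+|\S+ \S+)(?= |$)"
    nets = []
    for src in re.findall(pat, config, re.M):
        text = "0.0.0.0/0" if src == "any" else src.replace("host ", "").replace(" ", "/")
        nets.append(ipaddress.ip_network(text, strict=False))
    return nets

def local_sources(config):
    """Addresses the router can source packets from: interfaces and IP SLA source-ip."""
    found = re.findall(r"^ ip address (\d\S+) \d\S+$", config, re.M)
    found += re.findall(r"\bsource-ip (\d\S+)", config)
    return sorted(set(found), key=ipaddress.ip_address)

def untranslated_sources(config, nat_interface):
    """Local source addresses that the overload rule for nat_interface does not match."""
    rule = re.search(rf"^ip nat inside source route-map (\S+) interface "
                     rf"{re.escape(nat_interface)} overload", config, re.M)
    if rule is None:
        return local_sources(config)
    body = re.search(rf"^route-map {re.escape(rule.group(1))} permit \d+\n((?: .*\n?)*)",
                     config, re.M)
    acls = re.findall(r"match ip address (\d+)", body.group(1)) if body else []
    nets = [n for acl in acls for n in acl_sources(config, acl)]
    return [a for a in local_sources(config)
            if not any(ipaddress.ip_address(a) in n for n in nets)]

if __name__ == "__main__":
    print(untranslated_sources(SAMPLE_CONFIG, "Cellular0/0/0"))
```

Only numbered ACLs with contiguous wildcard masks are handled; named ACLs and `deny` lines are outside what this sketch evaluates.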


Thank you for the response. So I changed the IP SLA to this:

 

ip sla 1
icmp-echo 96.68.37.xxx source-interface GigabitEthernet0/0
frequency 10
ip sla schedule 1 life forever start-time now

 

but I'm still getting flapping from the cellular interface. I have a static IP address from Comcast and that address is the next hop. Below is what I get when I disconnect g0/0:

 

 

 

*Apr 4 01:38:24.878: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to down
*Apr 4 01:38:25.878: %LINK-3-UPDOWN: Interface GigabitEthernet0/0, changed state to down
*Apr 4 01:38:26.850: %CELLWAN-2-BEARER_UP: Instance id=0, Default bearer (bearer_id=6) in Cellular0/0/0 is now UP
*Apr 4 01:38:27.042: %CELLWAN-2-BEARER_UP: Instance id=0, Default bearer (bearer_id=6) in Cellular0/0/0 is now UP
*Apr 4 01:38:31.406: %LINK-3-UPDOWN: Interface Cellular0/0/0, changed state to up
*Apr 4 01:38:32.242: %CELLWAN-2-BEARER_DELETED: Instance id=0, Default bearer (bearer_id=6) in Cellular0/0/0 is now deleted.
*Apr 4 01:38:32.298: %CELLWAN-2-BEARER_DELETED: Instance id=0, Default bearer (bearer_id=255) in Cellular0/0/0 is now deleted.
*Apr 4 01:38:34.242: %LINK-5-CHANGED: Interface Cellular0/0/0, changed state to reset
*Apr 4 01:38:39.242: %LINK-3-UPDOWN: Interface Cellular0/0/0, changed state to down
*Apr 4 01:38:46.802: %TRACK-6-STATE: 234 ip sla 1 reachability Up -> Down
*Apr 4 01:38:46.830: %HA_EM-6-LOG: NAT_ClEAR: FAIL OVER JUST OCCURED
*Apr 4 01:38:51.042: %CELLWAN-2-BEARER_UP: Instance id=0, Default bearer (bearer_id=6) in Cellular0/0/0 is now UP
*Apr 4 01:38:51.234: %CELLWAN-2-BEARER_UP: Instance id=0, Default bearer (bearer_id=6) in Cellular0/0/0 is now UP
*Apr 4 01:38:55.794: %LINK-3-UPDOWN: Interface Cellular0/0/0, changed state to up
*Apr 4 01:38:56.794: %LINEPROTO-5-UPDOWN: Line protocol on Interface Cellular0/0/0, changed state to up
*Apr 4 01:39:03.762: %CELLWAN-2-BEARER_DELETED: Instance id=0, Default bearer (bearer_id=6) in Cellular0/0/0 is now deleted.
*Apr 4 01:39:03.818: %CELLWAN-2-BEARER_DELETED: Instance id=0, Default bearer (bearer_id=255) in Cellular0/0/0 is now deleted.
Aladdin_Router#
Aladdin_Router#
*Apr 4 01:39:05.762: %LINK-5-CHANGED: Interface Cellular0/0/0, changed state to reset
*Apr 4 01:39:06.762: %LINEPROTO-5-UPDOWN: Line protocol on Interface Cellular0/0/0, changed state to down
*Apr 4 01:39:10.762: %LINK-3-UPDOWN: Interface Cellular0/0/0, changed state to down
*Apr 4 01:39:22.818: %CELLWAN-2-BEARER_UP: Instance id=0, Default bearer (bearer_id=6) in Cellular0/0/0 is now UP
*Apr 4 01:39:23.010: %CELLWAN-2-BEARER_UP: Instance id=0, Default bearer (bearer_id=6) in Cellular0/0/0 is now UP
Aladdin_Router#
Aladdin_Router#
*Apr 4 01:39:27.378: %LINK-3-UPDOWN: Interface Cellular0/0/0, changed state to up
*Apr 4 01:39:28.378: %LINEPROTO-5-UPDOWN: Line protocol on Interface Cellular0/0/0, changed state to up

Sorry to hear that changing the IP SLA did not resolve the issue. My suggestion now is to change the ACL used in the route map for nat in the cellular route map and include the address on Gig0/0 as an address to be translated.

 

HTH

 

Rick
