Solved: ISR 4331 cellular 4G LTE NIM config

vv0bbLeS · ‎02-09-2022

Hello all,

I am working on an ISR 4331/K9 router with a NIM-LTEA-EA module (so the "advanced" 4G NIM module), and I am trying to follow the ISR 4000 series Cisco 4G LTE and Cisco 4G LTE-Advanced Network Interface Module Software Configuration Guide to get the cellular link working, but I'm a bit confused.

In following the above document, I'm following the instructions in the Configuring Cisco 4G LTE NIM section, where it has you verify your signal strength and setup a data profile and all that, which I have done. However, even after configuring the default data profile 1 with our APN, username, and password, the data profile remains inactive and the cellular link will not come up (specifically interface cellular 0/1/0

ROUTER1(config-if)#do sh run int ce0/1/0
Building configuration...

Current configuration : 80 bytes
!
interface Cellular0/1/0
 ip address negotiated
 no snmp trap link-status
end

ROUTER1(config-if)#
ROUTER1(config-if)#end
ROUTER1#
ROUTER1#
ROUTER1#
ROUTER1#
ROUTER1#show cell 0/1/0 profile 
Profile password Encryption level =  7


Profile 1 = INACTIVE* **
--------
PDP Type = IPv4
Access Point Name (APN) = notreal.fake.com
Authentication = CHAP
Username =  helloworld_123-45
Password =  1234567890ABCD

  * - Default profile 
 ** - LTE attach profile


Configured default profile for active SIM 0 is profile 1.

ROUTER1#
ROUTER1#
ROUTER1#
ROUTER1#
ROUTER1#show ip int br
Interface              IP-Address      OK? Method Status                Protocol
GigabitEthernet0/0/0   unassigned      YES NVRAM  down                  down    
GigabitEthernet0/0/1   unassigned      YES NVRAM  down                  down    
GigabitEthernet0/0/2   unassigned      YES NVRAM  down                  down    
Cellular0/1/0          unassigned      YES NVRAM  down                  down    
Cellular0/1/1          unassigned      YES NVRAM  administratively down down    
GigabitEthernet0       unassigned      YES NVRAM  down                  down    
Loopback0              unassigned      YES unset  up                    up      
ROUTER1#
ROUTER1#
ROUTER1#
ROUTER1#
ROUTER1#show cell 0/1/0 firmware
 Idx Carrier      FwVersion        PriVersion   Status  
 1   ATT          02.20.03.00      002.020_000  Active  
 2   BELL         02.20.03.00      000.010_000  Inactive
 3   GENERIC      02.20.03.00      002.017_001  Inactive
 4   ROGERS       02.20.03.00      000.011_000  Inactive
 5   SPRINT       02.20.03.22      002.020_000  Inactive
 6   TELUS        02.20.03.00      000.011_000  Inactive
 7   VERIZON      02.20.03.22      002.026_001  Inactive

Firmware Activation mode  =  MANUAL
ROUTER1#

However, if I configure a Dialer Watch-List on the router and attach it to the cellular interface as a Watch-Group, the cell0/1/0 interface comes up just fine:

ROUTER1(config)#dialer watch-list 1 ip 5.6.7.8 0.0.0.0
ROUTER1(config)#dialer watch-list 1 delay route-check initial 60
ROUTER1(config)#dialer watch-list 1 delay connect 1
ROUTER1(config)#
ROUTER1(config)#
ROUTER1(config)#int cellular 0/1/0
ROUTER1(config-if)#
ROUTER1(config-if)#dialer in-band
ROUTER1(config-if)#dialer watch-group 1
ROUTER1(config-if)#
ROUTER1(config-if)#
ROUTER1(config-if)#
*Feb  9 13:41:02.097: %LINK-3-UPDOWN: Interface Cellular0/1/0, changed state to up
*Feb  9 13:41:03.097: %LINEPROTO-5-UPDOWN: Line protocol on Interface Cellular0/1/0, changed state to up
ROUTER1(config-if)#
ROUTER1(config-if)#
ROUTER1(config-if)#
ROUTER1(config-if)#end 
ROUTER1#
ROUTER1#
*Feb  9 13:41:13.566: %SYS-5-CONFIG_I: Configured from console by console
ROUTER1#
ROUTER1#
ROUTER1#
ROUTER1#
ROUTER1#
ROUTER1#
ROUTER1#show cellular 0/1/0 profile 
Profile password Encryption level =  7


Profile 1 = ACTIVE* **
--------
PDP Type = IPv4
PDP address = W.X.Y.Z
IPv4 PDP Connection is successful
Access Point Name (APN) = notreal.fake.com
Authentication = CHAP
Username =  helloworld_123-45
Password =  1234567890ABCD
        Primary DNS address = A.B.C.D
        Secondary DNS address = E.F.G.H

  * - Default profile 
 ** - LTE attach profile


Configured default profile for active SIM 0 is profile 1.

ROUTER1#
ROUTER1#
ROUTER1#show run int cellular 0/1/0
Building configuration...

Current configuration : 156 bytes
!
interface Cellular0/1/0
 ip address negotiated
 ip tcp adjust-mss 1390
 dialer in-band
 dialer watch-group 1
 no snmp trap link-status
 pulse-time 1
end

ROUTER1#
ROUTER1#
ROUTER1#show ip int br
Interface              IP-Address      OK? Method Status                Protocol
GigabitEthernet0/0/0   unassigned      YES NVRAM  down                  down    
GigabitEthernet0/0/1   unassigned      YES NVRAM  down                  down    
GigabitEthernet0/0/2   unassigned      YES NVRAM  down                  down    
Cellular0/1/0          W.X.Y.Z         YES IPCP   up                    up      
Cellular0/1/1          unassigned      YES NVRAM  administratively down down    
GigabitEthernet0       unassigned      YES NVRAM  down                  down    
Loopback0              unassigned      YES unset  up                    up      
ROUTER1#
ROUTER1#

However, in the above linked document, in the Features Not Supported in Cisco 4G LTE NIM section, we see that External Dialers are not supported for this NIM card. But I couldn't get the cellular link to come up without some Dialer config.

So, I suppose my questions are:

1. Why did I need a Dialer Watch-List for the cellular link to come up, when External Dialers supposedly aren't supported for this NIM card? (i.e. what purpose does the Dialer config serve when dealing with cellular connections?)

2. Could I have gotten the cellular link to come up without any Dialer config?

Looking forward to learning more about this one. Thanks!

0xD2A6762E

vv0bbLeS · ‎02-10-2022

OK, so I've done some research and testing on this router over the past few days, and I'm posting my findings here as others may find it helpful information.

DISCLAIMER: This post is meant for informational purposes only. Use this config at your own risk. There are many other options for configuring cellular connections, so please review the Cisco documentation for any additional config you may need (like config for taking the cell interface down if it hasn't had traffic in X number of seconds, etc.). Also, if I have misspoken in anything below, please (kindly) reply with a correction. Thanks!

Sources:

A Quick Note on the distinction between "Controller" vs. "Interface" (taken from https://community.cisco.com/t5/switching/difference-between-interface-and-controller-interface/td-p/2931591 ) :

This is the basic logic: The controller represents the hardware of the interface module whose configuration affects all interfaces on the module. Configuring the controller is typical for ISDN or selected DSL interface modules. Ethernet interfaces or plain Serial interfaces do not have similar configurable properties, and so there is no controller configuration available for them.

Older IOS Cell Config

We used to create a chat-script , which contains the ATDT (ATtention Dial Tone) commands that will be used to dial the modem, and also what to expect back from the modem.
- Chat-scripts are of format chat-script [name] expect send expect send...
- So in one of our standard chat scripts: chat-script lte "" "AT!CALL" TIMEOUT 60 "OK"
  - The first expect string of "" (null) means the router is expecting nothing from the modem to start with
  - The first send string of "AT!CALL" is the Attention part of the ATDT messages. The AT signals to the modem that it's about to receive some information, and then we send it the string !CALL
  - We then use the special string TIMEOUT 60 which means we will wait 60 seconds for a response from the modem
  - The response we then expect to get from the modem within 60 seconds is an "OK"
Under the cellular interface (e.g. interface cellular 0/1/0 )

We would run dialer string lte which references the chat-script "lte" we created earlier, i.e. this is the chat-script to use when dialing the cell modem on the router.

After this, we could choose whether we wanted to configure a "triggered" Cell connection or an "Always On" cell connection, which will be discussed in more detail below.

In more recent IOS versions:

Chat-scripts are no longer needed, as the IOS software creates them automatically.
We don't need dialer string lte on the interface since we don't have a chat-script anymore (and in modern IOS the command isn't even available).
If we wanted a "Triggered" cell backup, i.e. the cell only comes up when triggered by certain traffic (like by IP traffic for example):
1. We can use a dialer-list to define what type of traffic should trigger the connection, and when the router sees that traffic it will turn on the cell connection.
2. We would then use the dialer-group interface command to apply that dialer-list to an interface (we first have to run dialer in-band on the interface to define what dialer we want to use, and then we can run the dialer-group command):

If we wanted an "Always On" cell connection (so the cell is always trying to stay "up"):
1. We would create a dialer watch-list which tells the router to watch for a certain route and if it disappears from the routing table, turn on the connection.
  - So in our config we say dialer watch-list 1 ip 5.6.7.8 0.0.0.0 which tells the router to watch if the 5.6.7.8/0 disappears from the routing table, and if it does, start the related connections (i.e. interfaces with this watch-list applied).
  - Of course, the 5.6.7.8/0 is a fake route that shouldn't ever be in the routing table, so that means the router will always look to start the connections where this watch-list is applied.
2. We also enter the dialer watch-list 1 delay connect 1 command to tell the router to only wait the minimum time of 1 second before bringing up the cell link
  - This command is normally used when you have a primary and a secondary link, and you want to wait a certain amount of time before bringing up the secondary link to give the primary link that went down a chance to come back up on its own. Of course here we're saying we don't want to wait at all to bring up the cellular connection.
3. We run the dialer watch-list 1 delay route-check initial 60 command to tell the router to wait 60 seconds after it finishes booting before doing the initial check of the routing table (i.e. the first "watch" of the routing table). By default the router will start watching the routing table immediately after booting, so we're telling it to wait 60 seconds to prevent any unnecessary dialing.
4. We would then apply the watch-list to our cellular 0/1/0 interface with a dialer watch-group

So, the steps we need to take to get the cellular working on a modern router IOS would be:

Create the Cell Profile
Make sure the Cell Profile is attached to the Cellular Controller
Turn off auto-SIM on the cell controller (at least for my situation)
Configure a dialer watch-list on the router (if doing "Always On" cell) or a dialer-list (if doing "Triggered" cell)
Configure the cell interface
CAUTION: Configure a static route toward cellular interface IF NEEDED

Creating the Cell profile

To configure the cell profile, you usually need three things (at least in my case because I'm doing authentication. If you're not doing any authentication then please check the Cisco documentation for your situation):
1. APN Name
1. Username
2. Password
Once we have those 3 things, we can actually create the cell profile at the plain EXEC prompt (note that we're going to be using CHAP authentication, so we'll specify that in the below command):

Cellular 0/1/0 lte profile create 1 [APN name] [username] [password] ipv4
- Note that the create keyword is also for editing an existing profile, which is what we're doing here since we're just editing the default cell profile of 1.
- The last keyword of ipv4 tells what type of data payload we're going to use when establishing a packet data session with this cell profile.

Make sure the Cell Profile is attached to the Cellular Controller

Since we're using the default cell profile of 1, it is already attached to the Controller by default, but you can verify this by running show controller cellular 0/1/0 details and looking for the line that says IDB Cellular0/1/0: DIP profile id = 1

If you need to manually assign the profile to the cellular controller, you can run these commands:
- conf t
- controller cellular 0/1/0
- lte sim data-profile 1 attach-profile 1 slot 0

Turn off Auto-SIM on the Cell Controller (at least in my situation)

The Cell Controller has an Auto-SIM function where it tries to automatically detect the right carrier firmware for the inserted SIM card and activate that firmware on the modem. This can be useful in dual-SIM environments or for ease of switchover to other providers.
In my case, I'm not doing dual-SIM and I don't want any auto-activation of carrier firmware, so I'm turning it off. Please use discretion for your own situation:

conf t
controller cellular 0/1/0
no lte firmware auto-sim

Configure a dialer watch-list on the router (if doing "Always On" cell) or a dialer-list (if doing "Triggered" cell)

This was already discussed above, and which one you configure depends on whether you want to do "Always On" or "Triggered" cell.

Configure the cell interface

This was also discussed above, but in addition to that we also want to configure ip address negotiated on the cell interface so it will get an IP from the carrier.

CAUTION: Configure static route for cellular interface IF NEEDED

If doing "triggered" cellular :
- You will need some IP traffic to go across the cellular interface so it will come up, so we have a few options:

If doing "Always On" cellular:
- Use the same precautions as above, but with the "always on" cellular you also have the option of using a routing protocol to get routes from a neighbor (e.g. BGP).
  - BUT AGAIN, USE EXTREME CAUTION WITH THIS AS BGP HAS A VERY LOW AD AND COULD TAKE OVER ROUTING IF YOU'RE NOT CAREFUL (i.e. be sure to use BGP prepends if needed, etc.).

Modern config example for "Triggered" cellular

!

! Again this profile config is if you're doing authentication (in my case, CHAP)

cellular 0/1/0 lte profile create 1 [APN] chap [username] [password] ipv4

!

conf t

controller cellular 0/1/0

no lte firmware auto-sim

lte sim data-profile 1 attach-profile 1 slot 0

exit

!

dialer-list 1 protocol ip permit

interface cellular 0/1/0

ip address negotiated

dialer in-band

dialer-group 1

exit

! CAREFULLY add any default routes you need (as discussed above)

Modern config example for "Always On" cellular:

!

! Again this profile config is if you're doing authentication (in my case, CHAP)

cellular 0/1/0 lte profile create 1 [APN] chap [username] [password] ipv4

!

conf t

controller cellular 0/1/0

no lte firmware auto-sim

lte sim data-profile 1 attach-profile 1 slot 0

exit

!

dialer watch-list 1 5.6.7.8 0.0.0.0

dialer watch-list 1 delay connect 1

dialer watch-list 1 delay route-check initial 60

!

interface cellular 0/1/0

ip address negotiated

dialer in-band

dialer watch-group 1

exit

!

! CAREFULLY add any default routes you need!

! COULD also do BGP if needed

Troubleshooting

The modem of course can take a long time to boot up, even after IOS is loaded (several minutes even). You should see log messages once it has come up.
Run show cellular 0/1/0 radio and make sure the Channel and Band are populated
Run show cellular 0/1/0 network and make sure the Packet Switch Domain State shows as "attached" and the Network shows the proper carrier
Run show cellular 0/1/0 firmware and confirm your carrier shows as "Active"
1. If it doesn't, from the EXEC prompt you can activate it manually by running:
  1. cellular lte firmware-activate <firmware-index>
Run show cellular 0/1/0 profile and confirm the profile you're using (usually Profile 1) is ACTIVE

Also confirm the last line of output (e.g. Configured default profile for active SIM 0 is profile 1 )

Helpful debugs:

debug dialer (to verify it is trying to dial)
debug chat (sometimes useful to see if APN is configured correctly)
debug cellular 0/1/0 messages callcontrol (can see the cellular network assigning the IP and DNS)

0xD2A6762E

View solution in original post

vv0bbLeS · ‎02-09-2022

UPDATE: after about 17 minutes the cell 0/1/0 interface went DOWN again (no changes to config were made) because it looks like the cell modem itself went down, and then it came back up again. Not sure why modem went up/down?

ROUTER1#
Feb  9 14:06:17.578: %CELLWAN-2-MODEM_DOWN: Modem in slot 0/1 is DOWN
ROUTER1#
.Feb  9 14:07:06.892: %LINK-3-UPDOWN: Interface Cellular0/1/0, changed state to down
.Feb  9 14:07:07.892: %LINEPROTO-5-UPDOWN: Line protocol on Interface Cellular0/1/0, changed state to down
ROUTER1#
.Feb  9 14:08:09.911: Setting the band preference on modem for sim 0 to match the configured settings

ROUTER1#
.Feb  9 14:08:22.914: %CELLWAN-2-MODEM_UP: Modem in slot 0/1 is now UP
.Feb  9 14:08:23.116: %CELLWAN-2-MODEM_RADIO: Cellular0/1/0 Modem radio has been turned on
ROUTER1#
.Feb  9 14:08:30.127: %LINK-5-CHANGED: Interface Cellular0/1/0, changed state to administratively down
ROUTER1#
.Feb  9 14:08:30.330: %CELLWAN-2-MODEM_RADIO: Cellular0/1/0 Modem radio has been turned off
.Feb  9 14:08:31.531: %CELLWAN-2-MODEM_RADIO: Cellular0/1/0 Modem radio has been turned on
ROUTER1#
.Feb  9 14:08:35.531: %LINK-3-UPDOWN: Interface Cellular0/1/0, changed state to down
ROUTER1#
.Feb  9 14:08:44.277: %LINK-3-UPDOWN: Interface Cellular0/1/0, changed state to up
.Feb  9 14:08:45.278: %LINEPROTO-5-UPDOWN: Line protocol on Interface Cellular0/1/0, changed state to up
ROUTER1#

0xD2A6762E

Georg Pauwen · ‎02-09-2022

Hello,

it is difficult to see what you have configured. Post the output of

sh run

...

vv0bbLeS · ‎02-09-2022

@Georg Pauwen sure no problem, see below:

ROUTER1#sh run
Building configuration...

Current configuration : 11618 bytes
!
! Last configuration change at 13:41:13 CST Wed Feb 9 2022
!
version 17.3
service nagle
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime
service password-encryption
service call-home
platform qfp utilization monitor load 80
no platform punt-keepalive disable-kernel-core
!
hostname ROUTER1
!
boot-start-marker
boot-end-marker
!
!
vrf definition Mgmt-intf
 !        
 address-family ipv4
 exit-address-family
 !
 address-family ipv6
 exit-address-family
!
logging buffered 65536
logging persistent size 1000000
enable secret 9 $blahblah
!
aaa new-model
!
!
aaa authentication login default group tacacs+ local line
aaa authentication login NO-TACACS line
aaa authorization exec default group tacacs+ if-authenticated 
aaa authorization commands 0 default group tacacs+ local none 
aaa authorization commands 1 default group tacacs+ local none 
aaa authorization commands 15 default group tacacs+ local none 
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 5 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
!
!
!
!
!
!
aaa session-id common
clock timezone CST -6 0
clock summer-time CDT recurring
!
!
!
!
!
!
!
ip name-server A.B.C.D E.F.G.H
ip domain list a.com
ip domain list b.com
ip domain timeout 1
ip domain lookup source-interface Loopback0
ip domain name c.com
!         
!
!
login on-success log
!
!
!
!
!
!
!
subscriber templating
! 
! 
! 
! 
!
multilink bundle-name authenticated
no device-tracking logging theft
device-tracking policy DT_trunk_policy
 trusted-port
 device-role switch
 no protocol udp
!         
!
!
!
password encryption aes
!
!
crypto pki trustpoint TP-self-signed-blah
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-blah
 revocation-check none
 rsakeypair TP-self-signed-blah
!
crypto pki trustpoint SLA-TrustPoint
 enrollment pkcs12
 revocation-check crl
!
!
crypto pki certificate chain TP-self-signed-BLAH
 certificate self-signed 01
  ! cert stuff removed
        quit
crypto pki certificate chain SLA-TrustPoint
 certificate ca 01
  ! cert stuff removed
        quit
!
!
license udi pid ISR4331/K9 sn SERIALNUMBER
license boot level appxk9
memory free low-watermark processor 69075
!
diagnostic bootup level minimal
!
spanning-tree extend system-id
!
username tombstone privilege 15 secret 9 $supersecret
!
redundancy
 mode none
!
!         
controller Cellular 0/1/0
 no lte firmware auto-sim
!
!
!
lldp run
!
!
!
!
! 
! 
!
!
interface Loopback0
 no ip address
!
interface GigabitEthernet0/0/0
 no ip address
 negotiation auto
!
interface GigabitEthernet0/0/1
 no ip address
 media-type rj45
 negotiation auto
!
interface GigabitEthernet0/0/2
 no ip address
 media-type sfp
 negotiation auto
!
interface Cellular0/1/0
 ip address negotiated
 ip tcp adjust-mss 1390
 dialer in-band
 dialer watch-group 1
 no snmp trap link-status
 pulse-time 1
!
interface Cellular0/1/1
 no ip address
 shutdown
!
interface GigabitEthernet0
 vrf forwarding Mgmt-intf
 no ip address
 negotiation auto
!
ip tcp path-mtu-discovery
no ip http server
no ip http secure-server
ip forward-protocol nd
no ip forward-protocol udp tftp
no ip forward-protocol udp domain
no ip forward-protocol udp time
no ip forward-protocol udp netbios-ns
no ip forward-protocol udp netbios-dgm
no ip forward-protocol udp tacacs
ip ftp source-interface Loopback0
ip tftp source-interface Loopback0
ip route 0.0.0.0 0.0.0.0 Cellular0/1/0
ip route vrf Mgmt-intf 0.0.0.0 0.0.0.0 192.168.0.1
ip tacacs source-interface Loopback0 
ip ssh source-interface Loopback0
ip ssh version 2
ip ssh dscp 16
!
!
!         
logging trap notifications
logging origin-id hostname
logging source-interface Loopback0
logging host A.B.C.D
dialer watch-list 1 ip 5.6.7.8 0.0.0.0
dialer watch-list 1 delay route-check initial 60
dialer watch-list 1 delay connect 1
!
snmp ifmib ifindex persist
!
tacacs-server directed-request
tacacs server SERVER1
 address ipv4 A.B.C.D
 key 6 supersecrettacacskeydontlookplz
!
!
!
!
!
control-plane
!
!
line con 0
 exec-timeout 30 0
 password 7 supersecret7password
 logging synchronous
 login authentication NO-TACACS
 stopbits 1
line aux 0
 session-timeout 30 
 exec-timeout 30 0
 password 7 supersecret7password
 logging synchronous
 login authentication NO-TACACS
 stopbits 1
line vty 0 4
 session-timeout 30 
 exec-timeout 30 0
 password 7 supersecret7password
 logging synchronous
 transport input ssh
line vty 5 15
 session-timeout 30 
 exec-timeout 30 0
 password 7 supersecret7password
 logging synchronous
 transport input ssh
!
call-home
 ! If contact email address in call-home is configured as sch-smart-licensing@cisco.com
 ! the email address configured in Cisco Smart License Portal will be used as contact email address to send SCH notifications.
 contact-email-addr sch-smart-licensing@cisco.com
 profile "BLAH"
  active
  destination transport-method http
ntp source Loopback0
ntp server A.B.C.D
!
!
!
!
!
!
end
          
ROUTER1#

0xD2A6762E

vv0bbLeS · ‎02-10-2022

OK, so I've done some research and testing on this router over the past few days, and I'm posting my findings here as others may find it helpful information.

DISCLAIMER: This post is meant for informational purposes only. Use this config at your own risk. There are many other options for configuring cellular connections, so please review the Cisco documentation for any additional config you may need (like config for taking the cell interface down if it hasn't had traffic in X number of seconds, etc.). Also, if I have misspoken in anything below, please (kindly) reply with a correction. Thanks!

Sources:

A Quick Note on the distinction between "Controller" vs. "Interface" (taken from https://community.cisco.com/t5/switching/difference-between-interface-and-controller-interface/td-p/2931591 ) :

This is the basic logic: The controller represents the hardware of the interface module whose configuration affects all interfaces on the module. Configuring the controller is typical for ISDN or selected DSL interface modules. Ethernet interfaces or plain Serial interfaces do not have similar configurable properties, and so there is no controller configuration available for them.

Older IOS Cell Config

We used to create a chat-script , which contains the ATDT (ATtention Dial Tone) commands that will be used to dial the modem, and also what to expect back from the modem.
- Chat-scripts are of format chat-script [name] expect send expect send...
- So in one of our standard chat scripts: chat-script lte "" "AT!CALL" TIMEOUT 60 "OK"
  - The first expect string of "" (null) means the router is expecting nothing from the modem to start with
  - The first send string of "AT!CALL" is the Attention part of the ATDT messages. The AT signals to the modem that it's about to receive some information, and then we send it the string !CALL
  - We then use the special string TIMEOUT 60 which means we will wait 60 seconds for a response from the modem
  - The response we then expect to get from the modem within 60 seconds is an "OK"
Under the cellular interface (e.g. interface cellular 0/1/0 )

We would run dialer string lte which references the chat-script "lte" we created earlier, i.e. this is the chat-script to use when dialing the cell modem on the router.

After this, we could choose whether we wanted to configure a "triggered" Cell connection or an "Always On" cell connection, which will be discussed in more detail below.

In more recent IOS versions:

Chat-scripts are no longer needed, as the IOS software creates them automatically.
We don't need dialer string lte on the interface since we don't have a chat-script anymore (and in modern IOS the command isn't even available).
If we wanted a "Triggered" cell backup, i.e. the cell only comes up when triggered by certain traffic (like by IP traffic for example):
1. We can use a dialer-list to define what type of traffic should trigger the connection, and when the router sees that traffic it will turn on the cell connection.
2. We would then use the dialer-group interface command to apply that dialer-list to an interface (we first have to run dialer in-band on the interface to define what dialer we want to use, and then we can run the dialer-group command):

If we wanted an "Always On" cell connection (so the cell is always trying to stay "up"):
1. We would create a dialer watch-list which tells the router to watch for a certain route and if it disappears from the routing table, turn on the connection.
  - So in our config we say dialer watch-list 1 ip 5.6.7.8 0.0.0.0 which tells the router to watch if the 5.6.7.8/0 disappears from the routing table, and if it does, start the related connections (i.e. interfaces with this watch-list applied).
  - Of course, the 5.6.7.8/0 is a fake route that shouldn't ever be in the routing table, so that means the router will always look to start the connections where this watch-list is applied.
2. We also enter the dialer watch-list 1 delay connect 1 command to tell the router to only wait the minimum time of 1 second before bringing up the cell link
  - This command is normally used when you have a primary and a secondary link, and you want to wait a certain amount of time before bringing up the secondary link to give the primary link that went down a chance to come back up on its own. Of course here we're saying we don't want to wait at all to bring up the cellular connection.
3. We run the dialer watch-list 1 delay route-check initial 60 command to tell the router to wait 60 seconds after it finishes booting before doing the initial check of the routing table (i.e. the first "watch" of the routing table). By default the router will start watching the routing table immediately after booting, so we're telling it to wait 60 seconds to prevent any unnecessary dialing.
4. We would then apply the watch-list to our cellular 0/1/0 interface with a dialer watch-group

So, the steps we need to take to get the cellular working on a modern router IOS would be:

Create the Cell Profile
Make sure the Cell Profile is attached to the Cellular Controller
Turn off auto-SIM on the cell controller (at least for my situation)
Configure a dialer watch-list on the router (if doing "Always On" cell) or a dialer-list (if doing "Triggered" cell)
Configure the cell interface
CAUTION: Configure a static route toward cellular interface IF NEEDED

Creating the Cell profile

To configure the cell profile, you usually need three things (at least in my case because I'm doing authentication. If you're not doing any authentication then please check the Cisco documentation for your situation):
1. APN Name
1. Username
2. Password
Once we have those 3 things, we can actually create the cell profile at the plain EXEC prompt (note that we're going to be using CHAP authentication, so we'll specify that in the below command):

Cellular 0/1/0 lte profile create 1 [APN name] [username] [password] ipv4
- Note that the create keyword is also for editing an existing profile, which is what we're doing here since we're just editing the default cell profile of 1.
- The last keyword of ipv4 tells what type of data payload we're going to use when establishing a packet data session with this cell profile.

Make sure the Cell Profile is attached to the Cellular Controller

Since we're using the default cell profile of 1, it is already attached to the Controller by default, but you can verify this by running show controller cellular 0/1/0 details and looking for the line that says IDB Cellular0/1/0: DIP profile id = 1

If you need to manually assign the profile to the cellular controller, you can run these commands:
- conf t
- controller cellular 0/1/0
- lte sim data-profile 1 attach-profile 1 slot 0

Turn off Auto-SIM on the Cell Controller (at least in my situation)

The Cell Controller has an Auto-SIM function where it tries to automatically detect the right carrier firmware for the inserted SIM card and activate that firmware on the modem. This can be useful in dual-SIM environments or for ease of switchover to other providers.
In my case, I'm not doing dual-SIM and I don't want any auto-activation of carrier firmware, so I'm turning it off. Please use discretion for your own situation:

conf t
controller cellular 0/1/0
no lte firmware auto-sim

Configure a dialer watch-list on the router (if doing "Always On" cell) or a dialer-list (if doing "Triggered" cell)

This was already discussed above, and which one you configure depends on whether you want to do "Always On" or "Triggered" cell.

Configure the cell interface

This was also discussed above, but in addition to that we also want to configure ip address negotiated on the cell interface so it will get an IP from the carrier.

CAUTION: Configure static route for cellular interface IF NEEDED

If doing "triggered" cellular :
- You will need some IP traffic to go across the cellular interface so it will come up, so we have a few options:

If doing "Always On" cellular:
- Use the same precautions as above, but with the "always on" cellular you also have the option of using a routing protocol to get routes from a neighbor (e.g. BGP).
  - BUT AGAIN, USE EXTREME CAUTION WITH THIS AS BGP HAS A VERY LOW AD AND COULD TAKE OVER ROUTING IF YOU'RE NOT CAREFUL (i.e. be sure to use BGP prepends if needed, etc.).

Modern config example for "Triggered" cellular

!

! Again this profile config is if you're doing authentication (in my case, CHAP)

cellular 0/1/0 lte profile create 1 [APN] chap [username] [password] ipv4

!

conf t

controller cellular 0/1/0

no lte firmware auto-sim

lte sim data-profile 1 attach-profile 1 slot 0

exit

!

dialer-list 1 protocol ip permit

interface cellular 0/1/0

ip address negotiated

dialer in-band

dialer-group 1

exit

! CAREFULLY add any default routes you need (as discussed above)

Modern config example for "Always On" cellular:

!

! Again this profile config is if you're doing authentication (in my case, CHAP)

cellular 0/1/0 lte profile create 1 [APN] chap [username] [password] ipv4

!

conf t

controller cellular 0/1/0

no lte firmware auto-sim

lte sim data-profile 1 attach-profile 1 slot 0

exit

!

dialer watch-list 1 5.6.7.8 0.0.0.0

dialer watch-list 1 delay connect 1

dialer watch-list 1 delay route-check initial 60

!

interface cellular 0/1/0

ip address negotiated

dialer in-band

dialer watch-group 1

exit

!

! CAREFULLY add any default routes you need!

! COULD also do BGP if needed

Troubleshooting

The modem of course can take a long time to boot up, even after IOS is loaded (several minutes even). You should see log messages once it has come up.
Run show cellular 0/1/0 radio and make sure the Channel and Band are populated
Run show cellular 0/1/0 network and make sure the Packet Switch Domain State shows as "attached" and the Network shows the proper carrier
Run show cellular 0/1/0 firmware and confirm your carrier shows as "Active"
1. If it doesn't, from the EXEC prompt you can activate it manually by running:
  1. cellular lte firmware-activate <firmware-index>
Run show cellular 0/1/0 profile and confirm the profile you're using (usually Profile 1) is ACTIVE

Also confirm the last line of output (e.g. Configured default profile for active SIM 0 is profile 1 )

Helpful debugs:

debug dialer (to verify it is trying to dial)
debug chat (sometimes useful to see if APN is configured correctly)
debug cellular 0/1/0 messages callcontrol (can see the cellular network assigning the IP and DNS)

0xD2A6762E