cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2947
Views
5
Helpful
13
Replies

LTE connection - no access to the internet

beta_admin66
Level 1
Level 1

Hi everyone, I have set up an LTE connection on a Cisco router. Cellular interface is up/up, IP address has also been assigned. DHCP is also set up for a local address range. The user receives an IP address from the local area, but he has no connection to the Internet. You have to work with NAT here. What does the NAT configuration look like?

13 Replies 13

Hello,

 

post the running configuration of your LTE router...

we need config 

beta_admin66
Level 1
Level 1

!
ip name-server xxx
no ip domain lookup
ip domain name xxx
ip dhcp excluded-address xxx.xxx.xxx.xxx
!
ip dhcp pool xxx
network xxx.xxx.xxx.xxx
default-router xxxx.xxx.xxx.xxx
dns-server xxx.xxx.xxx.xxx
!
!
!
vlan xx
name xx
!
vlan xy
name xy - clients vlan xy should be access to the internet
!
!
interface GigabitEthernet0/0/0 -> this the main connection, clients should be an access to the internet
description xxx.xxx.xxx.xxx
ip address xxx.xxx.xxx.xxx -> this the static public ip
negotiation auto
ip virtual-reassembly
!
!
interface GigabitEthernet0/1/0
description xxx
switchport access vlan xy
switchport mode access
switchport nonegotiate
!
!
!
interface Cellular0/2/0 - I don't know what to configure here.
ip address negotiated
ip tcp adjust-mss 1460
ipv6 enable
!
!
interface Vlanxx
description xxx
ip address xxx
ip nat inside
ip virtual-reassembly
!
interface Vlanxy
description xy
ip address xxx.xxx.xxx.xxx
ip nat inside
ip virtual-reassembly
!
!
ip http server
ip http authentication local
ip http secure-server
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 xxx.xxx.xxx.xxx - Default gateway of the public ip address
ip route 0.0.0.0 0.0.0.0 Cellular0/2/0 100
!

Hello

Show version


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Hello,

 

what are you trying to accomplish, have the Cellular interface configured as a backup to the main interface (GigabitEthernet0/0/0) ?

Hello,

 

make the changes/additions marked in bold:

 

ip name-server xxx
no ip domain lookup
ip domain name xxx
ip dhcp excluded-address xxx.xxx.xxx.xxx
!
ip dhcp pool xxx
network xxx.xxx.xxx.xxx
default-router xxxx.xxx.xxx.xxx
dns-server xxx.xxx.xxx.xxx
!
vlan xx
name xx
!
vlan xy
name xy
!
--> track 1 ip sla 1 reachability
!
interface GigabitEthernet0/0/0
description xxx.xxx.xxx.xxx
ip address xxx.xxx.xxx.xxx
--> ip nat outside
negotiation auto
ip virtual-reassembly
!
interface GigabitEthernet0/1/0
description xxx
switchport access vlan xy
switchport mode access
switchport nonegotiate
!
interface Cellular0/2/0
ip address negotiated
--> ip nat outside
ip tcp adjust-mss 1460
ipv6 enable
!
interface Vlanxx
description xxx
ip address xxx
ip nat inside
ip virtual-reassembly
!
interface Vlanxy
description xy
ip address xxx.xxx.xxx.xxx
ip nat inside
ip virtual-reassembly
!
--> ip sla 1
--> icmp-echo 8.8.8.8 source-interface GigabitEthernet0/0/0
!
--> ip sla schedule 1 start-time now life forever
!
ip http server
ip http authentication local
ip http secure-server
ip forward-protocol nd
!
--> ip nat inside source route-map MAIN_NAT interface GigabitEthernet0/0/0 overload
--> ip nat inside source route-map BACKUP_NAT interface Cellular0/2/0 overload
--> ip route 0.0.0.0 0.0.0.0 xxx.xxx.xxx.xxx track 1
ip route 0.0.0.0 0.0.0.0 Cellular0/2/0 100
!
--> access-list 1 permit x.x.x.x y.y.y.y (subnet of Vlan XX)
--> access-list 1 permit x.x.x.x y.y.y.y (subnet of Vlan XY)
!
--> route-map MAIN_NAT permit 10
--> match ip address 1
--> match interface GigabitEthernet0/0/0
!
--> route-map BACKUP_NAT permit 10
--> match ip address 1
--> match interface Cellular0/2/0

beta_admin66
Level 1
Level 1

After the reboot the cellular interface 0/2/0 doesn´t receive an ip address. 

Here is the configuration:

cellular 0/2/0 lte profile create 1 <APN-name> pap <username> <password> ipv4

cellular 0/2/0 lte sim unlock xxx

lte sim data-profile 1 attach-profile 1 slot 0

 

000101: *Dec 1 10:18:25.748 UTC: %CELLWAN-2-MODEM_UP: Modem in slot 0/2 is now UP
000102: *Dec 1 10:18:25.950 UTC: %CELLWAN-2-MODEM_RADIO: Cellular0/2/0 Modem radio has been turned on

Hello,

 

post the full running configuration (sh run) starting from the top. The previous one you posted missed the chat script...

beta_admin66
Level 1
Level 1

The interface cellullar 0/2/0 now receives an IP address. But with the client (notebook) has no access to the Internet.

 

Enclosed the configuration:

!
ip name-server xxx.xxx.xxx.xxx
no ip domain lookup
ip domain name xxx
ip dhcp excluded-address xxx.xxx.xxx.xxx
!
ip dhcp pool xxx
network xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx
default-router xxx.xxx.xxx.xxx
dns-server xxx.xxx.xxx.xxx
!
controller Cellular 0/2/0
!
controller VDSL 0/3/0
!
vlan internal allocation policy ascending
!
vlan xx
name xxx
!
vlan xy
name xy
!
track 1 ip sla 1 reachability
!
track 33 ip sla 33 reachability
!
interface GigabitEthernet0/0/0
description xxx
ip address xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx
ip nat outside
negotiation auto
ip virtual-reassembly
!
interface GigabitEthernet0/1/0
description xy
switchport access vlan xy
switchport mode access
switchport nonegotiate
!
interface GigabitEthernet0/1/1
description xy
switchport access vlan xy
switchport mode access
!
interface Cellular0/2/0
ip address negotiated
ip nat outside
ip tcp adjust-mss 1460
dialer in-band
dialer idle-timeout 0
dialer-group 1
ipv6 enable
pulse-time 1
!
interface Cellular0/2/1
no ip address
shutdown
!
interface ATM0/3/0
no ip address
shutdown
atm oversubscribe factor 2
!
interface Ethernet0/3/0
no ip address
shutdown
no negotiation auto
!
interface Vlan1
no ip address
shutdown
!
interface Vlanxx
description xxx
ip address xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx
ip nat inside
ip access-group xyz in
ip virtual-reassembly
!
interface Vlanxy
description xxx
ip address xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx
ip nat inside
ip access-group xyz in
ip virtual-reassembly
!
ip http server
ip http authentication local
ip http secure-server
ip forward-protocol nd
ip nat pool net xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx netmask xxx.xxx.xxx.xxx
ip nat inside source list 7 pool net overload
ip nat inside source route-map BACKUP_NAT interface Cellular0/2/0 overload
ip route 0.0.0.0 0.0.0.0 xxx.xxx.xxx.xxx
ip route 0.0.0.0 0.0.0.0 Cellular0/2/0 100
!
!
ip access-list extended NAT
10 permit ip xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx any
30 permit ip xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx any
ip access-list extended xyz
10 permit ip any host xxx.xxx.xxx.xxx
20 deny ip any xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx
30 permit ip any any
40 permit ip any host xxx.xxx.xxx.xxx
50 permit ip any host xxx.xxx.xxx.xxx
60 deny ip any xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx
!
ip sla 1
icmp-echo 8.8.8.8 source-interface GigabitEthernet0/0/0
ip sla schedule 1 life forever start-time now
ip access-list standard 7
10 permit xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx
dialer-list 1 protocol ip permit
!
route-map BACKUP_NAT permit 10
match ip address 1
match interface Cellular0/2/0
!
route-map MAIN_NAT permit 10
match ip address 1
match interface GigabitEthernet0/0/0
!

 

Hello, 

 

what do you want to accomplish ? The cellular as a backup ? You added a lot of redundant stuff, and a lot of it doesn't make any sense. Use the basic config I posted earlier. What is the result of that ?

First of all, I want users to get an Internet connection via LTE via the notebook.

Hello,

 

use the config below. When you are done, post your running config again, so we can double check. Since you x-ed out all IP addresses, I put in some arbitrary one, make sure you are using the ones that are actually in use:

 

ip name-server xxx.xxx.xxx.xxx
no ip domain lookup
ip domain name xxx
!
ip dhcp excluded-address 192.168.1.1
ip dhcp excluded-address 192.168.2.1
!
ip dhcp pool VLAN10
network 192.168.1.0 255.555.255.0
default-router 192.168.1.1
dns-server 8.8.8.8
!
ip dhcp pool VLAN20
network 192.168.2.0 255.555.255.0
default-router 192.168.2.1
dns-server 8.8.8.8
!
controller Cellular 0/2/0
!
controller VDSL 0/3/0
!
vlan internal allocation policy ascending
!
vlan 10
name Vlan_10
!
vlan 20
name Vlan_20
!
track 1 ip sla 1 reachability
!
interface GigabitEthernet0/0/0
description xxx
ip address 1.1.1.1 255.255.255.252
ip nat outside
negotiation auto
ip virtual-reassembly
!
interface GigabitEthernet0/1/0
description xy
switchport access vlan xy
switchport mode access
switchport nonegotiate
!
interface GigabitEthernet0/1/1
description xy
switchport access vlan xy
switchport mode access
!
interface Cellular0/2/0
ip address negotiated
ip nat outside
ip tcp adjust-mss 1460
dialer in-band
dialer idle-timeout 0
dialer-group 1
ipv6 enable
pulse-time 1
!
interface Cellular0/2/1
no ip address
shutdown
!
interface ATM0/3/0
no ip address
shutdown
atm oversubscribe factor 2
!
interface Ethernet0/3/0
no ip address
shutdown
no negotiation auto
!
interface Vlan1
no ip address
shutdown
!
interface Vlanxx
description Vlan 10
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface Vlanxy
description Vlan 20
ip address 192.168.2.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
ip http server
ip http authentication local
ip http secure-server
ip forward-protocol nd
ip nat inside source route-map MAIN_NAT interface Cellular0/2/0 overload
ip nat inside source route-map BACKUP_NAT interface GigabitEthernet0/0/0 overload
ip route 0.0.0.0 0.0.0.0 1.1.1.2 200
ip route 0.0.0.0 0.0.0.0 Cellular0/2/0
!
ip sla 1
icmp-echo 8.8.8.8 source-interface Cellular0/2/0
ip sla schedule 1 life forever start-time now
!
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 1 permit 192.168.2.0 0.0.0.255
!
dialer-list 1 protocol ip permit
!
route-map BACKUP_NAT permit 10
match ip address 1
match interface GigabitEthernet0/0/0
!
route-map MAIN_NAT permit 10
match ip address 1
match interface Cellular0/2/0

I think you need to config DNS proxy here, 
make router ask DNS server ip from ISP, 
config router to be the DNS server for all client, then the router will receive the DNS inquiry and resend it to ISP DNS. 
or check the DNS server you receive form ISP and then enter this IP into DHCP pool.

this two method should be work.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco