Sunday, August 25, 2013

FW: A Network Engineer's Notes on Telstra's NextG 3G Network

Reference:

[1] http://whirlpool.net.au/wiki/3g_for_network_engineers


Introduction
Like Frame Relay, ISDN, DSL and so on before it, 3G wireless networking encompasses a slew of concepts and pitfalls that can be foreign to a network engineer new to the technology. The following notes were assembled during a programme to deploy 3G wireless WAN links to approximately 70 sites across Qld, NSW, Vic, and WA. The 3G links were primarily deployed as a backup for 1-4 Mb/s SHDSL, Frame Relay (FR) and some ADSL primary links for offices of 5-20 staff. Some remote sites, beyond reach of xDSL or FR, use 3G as the primary link. The entirety of the WAN is connected to the same provider VPN cloud (Telstra's NextIP) – this uniform approach has significant advantages in terms of consistency in design, operations and management. Staff use a mix of standalone PCs and Citrix terminals, roughly four Citrix terminals to one PC.
These notes are focussed on the current Cisco 3G WAN card, the HWIC-3G-GSM. This card is supported by Cisco's 1841, 1861, 2800-series and 3800-series ISR routers. This card only supports High-Speed Downlink Packet Access (HSDPA) "up to" 3.6 Mb/s downlink, 384 kb/s uplink (presumably HSDPA Category 5/6, but they don't actually say). Actual measured speeds are more like 0.8-1 Mb/s down, 200-250 kb/s up.
Some other devices were examined, including the
• Ericsson W25 router
• Call Direct CDR-780seu
• Maxon USB3-8521 "orange" USB modem
• Telstra Turbo 7 Series Express Card and USB (AC880E, AC880U) "blue" modems (rebranded Sierra Wireless cards)
The Cisco was bested by all of the above devices in link throughput tests, however other technical, business, operations and management factors meant that the Cisco solution was deployed (most significantly that the WAN design uses DMVPN and EIGRP; the former has limited open support at present, the latter is Cisco-proprietary).
The Cisco 881G 'soho' router will be available sometime in late 2008 – importantly, the 881G will contain a High Speed Uplink Packet Access (HSUPA)-capable modem for much-improved uplink speeds.
What Your Telco Won't Tell You
Telstra's published NextG information is very consumer-oriented, which is to say severely lacking in any technical detail. The most marketing-free source of device and configuration information is Telstra's so-low-key-as-to-be-almost-invisible www.mobiledata.net.au web site [note: this URL no longer works]. To complicate matters Telstra's NextG network is sold as a number of separate products: data-focused products (the business-oriented Telstra Mobile Wireless Broadband and the consumer-oriented Bigpond Wireless Broadband), and various voice/data Mobile Phone 3G plans. A warning: many Telstra representatives will not be au fait with, or even aware of, many of the company's "other" products; also be very careful in terminology – much confusion can arise if you get lazy with product names (they're all very similar). From the perspective of this document, the primary difference between the services is in the network connectivity: the business products can be connected to an existing NextIP IPWAN service (i.e. private WAN) or the Internet.
3G Overview
It can be helpful to know a little of the background; first, some buzz-word bingo:
"3G" is a broad category of standards and services around "broadband" mobile wireless voice and data. Universal Mobile Telecommunications System (UMTS) is part of this family and is the standard used for 3G services in Australia. Telstra's NextG product is a UMTS implementation using a Wideband CDMA (W-CDMA) radio carrier in the 850 MHz band. There are "legacy" pockets of 2100 MHz used in some areas. Most modems are capable of automatically switching between the two bands, though not always of making the best choice. Some Telstra technical staff recommend sticking to the 850 MHz band.
High Speed Packet Access (HSPA) is a collection of mobile telephony protocols that extend and improve the performance of existing UMTS protocols. Two standards, HSDPA and HSUPA, have been established and a further standard, HSPA+, is soon to be released. The Ericsson whitepaper Basic Concepts of HSPA has a good technical introduction to HSDPA and HSUPA.
High Speed Downlink Packet Access (HSDPA) provides "up to" 14.4 Mb/s down, 384 kb/s up (earlier HSDPA versions only had 1.8 Mb/s down, 128 kb/s up). The various releases of HSDPA, called Categories, in summary (all 384 kb/s up):
Category 3,4 = 1.8 Mb/s down
Category 5,6 = 3.6 Mb/s
Category 7,8 = 7.2 Mb/s
Category 10 = 14.4 Mb/s
High Speed Uplink Packet Access (HSUPA) provides improved up-link performance of "up to" 5.76 Mb/s (HSUPA Category 6). Telstra's network currently supports HSDPA Category 10 (14.4 Mb/s down), HSUPA Category 6 (5.76 Mb/s up) – though there are no currently available phones or modems that can support these speeds.
A significant omission from the readily available specifications for HSPA is latency. The "Basic Concepts of HSPA" Ericsson paper states measured (one-way) latency on HSDPA networks as below 70 ms; real-world measurements of round-trip time on Telstra's NextG network are typically around the 100-120 ms mark. Latency can markedly increase during medium and network congestion. Empirical testing has shown that 3G round-trip times can impact interactive applications such as Citrix – an informal survey of four staff using unoptimised Citrix over a NextG link (measured latency ~100-120 ms) showed most staff noticed the lag, but for the majority it wasn't a serious distraction. Staff began to object when background traffic increased round-trip times over the 200 ms mark. This testing was on a NextIP IPWAN service (APN=telstra.corp); round-trip times on the Internet-connected service (APN=telstra.internet) are significantly higher at 200-300 ms.
Three components are required to use a 3G data connection: a USIM, a radio modem, and a PC or router. The USIM identifies the subscriber (for billing, etc). The radio modem does the heavy-lifting in providing physical layer (Layer 1) access to the local 3G base station. The PC or router typically uses PPP as the Layer 2 data link to the provider's Network Access Server (NAS), and from there is connected to the provider's Layer 3 network (which may be a private VPN, or public Internet). The overall network architecture is more or less the same as is used for xDSL (PPPoE, PPPoA) or traditional dialup/Frame Relay/ISDN.
USIM, iSim, We All Sim
UMTS SIM (USIM) is a smart card used to store identification and authentication information, in particular the mobile subscriber ID (IMSI) and secret authentication key (shared with the carrier).
The SIM is uniquely identified via its ICCID; part of this ID is printed on the SIM (the "SIM number"); a full ICCID is 19 (or 20?) characters. The SIM may be protected by a PIN, if so the SIM can not be used without first being given the PIN (once per "session"). A strong PIN will prevent use of a stolen SIM, however Cisco IOS does not provide any facility to automatically unlock a SIM (e.g. on reload), thus it is not practical to use a PIN on a SIM installed in a 3G WIC. Note that a stolen USIM alone will not allow access to a private IPWAN – the network access server credentials (typically CHAP) are also required to connect. A stolen unprotected USIM would allow connection to Telstra's Internet service, which does not require NAS authentication.
Telstra use the phone number and SIM number as their unique account identifier (for billing, fault reporting, etc). A Telstra SIM number as printed on the card and quoted by Telstra is only the most significant 8 digits of the 12-digit account ID, plus an extra 20th ICCID digit. (Optus SIM numbers are the full 12-digit ICCID account number plus the check digit.) It is possible to extract the ICCID via the modem using the 'AT!ICCID?' modem command (there is no corresponding IOS command); the phone number can't be determined from the SIM or modem.
The format of the ICCID is: MMCCIINNNNNNNNNNNNCx
MM = Constant (ISO 7812 Major Industry Identifier, = 89 for "Telecommunications administrations and private operating agencies")
CC = Country Code (61 = Australia)
II = Issuer Identifier (AAPT = 14, EZI-PhoneCard = 88, Hutchison = 06, Optus = 02/12/21/23, Telstra = 01, Telstra Business = 00/61/62, Vodafone = 03)
N{12} = Account ID ("SIM number")
C = Checksum (of the entire 19 digit string)
x = An extra 20th digit is returned by the 'AT!ICCID?' command, and is also printed on Telstra SIMs, but doesn't seem to be an official part of the ICCID (?)
The following are example ICCIDs and corresponding SIM numbers:

MMCCIINNNNNNNNNNNNCx   Carrier   Printed on SIM
8961023412352120898F   Optus     34 12352 12089 8
89610155555542000070   Telstra   5555 5542 0P
89610155543235000034   Telstra   5554 3235 4P
Optus print all 12 account digits and checksum digit on the SIM, Telstra Next G print only the left-most 8 account digits, omit the checksum and include an unknown 2-character suffix (one of which is returned as the 20th digit in the 'AT!ICCID?' command).
Useless fact: the ICCID is an instance of an ISO 7812 ID, the same format used for magnetic stripe cards including ATM and credit cards.
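The ICCID layout above can be checked mechanically. The following is an added example, not part of the original notes: it splits an 'AT!ICCID?' response into the fields listed above, verifies the check digit with the Luhn algorithm used by ISO 7812 numbers, and derives the number printed on the card. It assumes the fixed-width layout and issuer table given on this page (country code 61 only); the function and class names are hypothetical.

```python
import re
from dataclasses import dataclass

# Issuer identifiers exactly as listed on this page (country code 61 only).
ISSUERS = {
    "14": "AAPT", "88": "EZI-PhoneCard", "06": "Hutchison",
    "02": "Optus", "12": "Optus", "21": "Optus", "23": "Optus",
    "01": "Telstra", "00": "Telstra Business", "61": "Telstra Business",
    "62": "Telstra Business", "03": "Vodafone",
}

# MM CC II N{12} C x  (x, the 20th character, is optional and may be a hex digit)
_ICCID_RE = re.compile(r"(\d{2})(\d{2})(\d{2})(\d{12})(\d)([0-9A-F]?)")


def luhn_check_digit(payload: str) -> int:
    """Return the Luhn check digit for a string of decimal digits."""
    total = 0
    for i, ch in enumerate(reversed(payload)):
        d = int(ch)
        if i % 2 == 0:                      # rightmost payload digit is doubled
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return (10 - total % 10) % 10


@dataclass(frozen=True)
class Iccid:
    mii: str          # MM, ISO 7812 major industry identifier
    country: str      # CC
    issuer_id: str    # II
    issuer: str       # carrier name from ISSUERS, or "unknown"
    account: str      # N{12}, the account ID
    check: str        # C, 19th digit
    extra: str        # x, 20th character ("" if absent)
    checksum_ok: bool


def parse_iccid(raw: str) -> Iccid:
    """Parse a bare ICCID or a '!ICCID: ...' modem response line."""
    text = raw.strip().upper()
    if text.startswith("!ICCID:"):
        text = text[len("!ICCID:"):].strip()
    m = _ICCID_RE.fullmatch(text)
    if m is None:
        raise ValueError(f"not a 19/20-character ICCID: {raw!r}")
    mii, country, issuer_id, account, check, extra = m.groups()
    issuer = ISSUERS.get(issuer_id, "unknown") if country == "61" else "unknown"
    expected = luhn_check_digit(mii + country + issuer_id + account)
    return Iccid(mii, country, issuer_id, issuer, account, check, extra,
                 checksum_ok=(int(check) == expected))


def printed_sim_number(iccid: Iccid) -> str:
    """Reproduce the number printed on the card, per the carrier habits noted above."""
    a = iccid.account
    if iccid.issuer == "Telstra":
        # Left-most 8 account digits plus the 20th character; the second
        # suffix character printed on the card cannot be derived.
        return f"{a[:4]} {a[4:8]} {iccid.extra}".rstrip()
    if iccid.issuer == "Optus":
        # All 12 account digits plus the check digit.
        return f"{a[:2]} {a[2:7]} {a[7:]} {iccid.check}"
    return a  # printing convention not described on this page


if __name__ == "__main__":
    # The three example ICCIDs from the table above.
    for sample in ("8961023412352120898F",
                   "89610155555542000070",
                   "!ICCID: 89610155543235000034"):
        parsed = parse_iccid(sample)
        print(parsed.issuer, printed_sim_number(parsed),
              "checksum ok" if parsed.checksum_ok else "CHECKSUM MISMATCH")
```

A checksum mismatch on a number read over the phone or retyped from a card usually means a transcription error, which is worth catching before quoting the number in a fault report.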
Modems and Profiles
The cellular modem needs to make a "data call" (establish a Packet Data Protocol (PDP) context); once connected a PPP session is established to the network access server. The modem requires age-old AT commands to make the call, and also to interrogate the SIM, etc. IOS provides an interface to a handful of modem features via the 'cellular' exec command and chat script(s). Either through a limitation of the modem, or IOS, AT commands can only be issued when the modem is idle (not in a call).
Unlike a traditional PSTN modem, there is no phone number to dial out to – rather the modem is configured with at least one "profile" which stores an Access Point Name (APN) and optionally a username and password; this profile is then "dialled" to establish the connection.
Telstra APNs include
telstra.internet Internet connectivity (NATted)
telstra.corp private IPWAN
Profiles are stored in the modem, not the USIM nor router's NVRAM or flash memory. Profiles must be configured using 'exec' mode IOS commands (which wrap appropriate 'AT' modem commands). Note that a modem profile and an IOS dialer profile are two separate things.
The HWIC-3G-GSM
Cisco's HWIC-3G-GSM wireless WAN card is basically a Sierra Wireless MC8775 modem carried on a HWIC. IOS presents two interfaces:
– low-speed asynchronous "control" interface ('line x/x/x')
– high-speed synchronous interface ('interface cellular x/x/x')
There is also a physical "diag" port on the front of the WIC for debugging the modem (requires proprietary Qualcomm software).
You can connect to the modem on its command port via the standard "reverse telnet" (i.e. telnet <local IP> 2000+portnum), but only when the modem is not in a call.
The WIC has a Received Signal Strength Indication (RSSI) LED
• Off: Low RSSI (under -100 dBm)
• Slow Green Blink: Low or medium RSSI (-99 to -90 dBm)
• Fast Green Blink: Medium RSSI (-89 to -70 dBm)
• Solid Green: High RSSI (-69 dBm or higher)
• Solid Yellow: No service
Other cards
USB-based modem cards are often used by computers. These present to the operating system as USB-hosted serial devices. Modem-style AT commands are then issued over the pseudo-serial device and PPP started when a connection is reported.
Note carefully that the PPP endpoint is in the wireless LAN card, not to a PPP server across the air. This implies that some network features, such as IPv6, require firmware upgrades on the consumer's USB card.
Some vendors' cards offer multiple emulated serial interfaces. This allows AT commands to be issued whilst PPP is in use. There is often a vendor-specific protocol run over one of the serial links, which is useful for signal strength.
Router Configuration
The simplest IOS configuration is as follows:
– a simple chat script to "dial" a profile stored in the modem
– traditional Dial-on-Demand Routing (DDR) config
– basic PPP with CHAP authentication
DDR can't keep the cell interface permanently up (it is on-demand, after all), but a Dialer Profile can using the 'dialer persistent' command (note that pointing a static at the cell interface and hoping there's always going to be interesting traffic isn't quite the same; most any network is idle at some point or other); i.e. dialer configuration is required for a permanent connection.
3G is generally considered a remote access technology, rather than internetwork. As such Telstra don't provide any dynamic routing protocols over the 3G link. They can inject routes at the NAS on behalf of the remote network via RADIUS "Framed Route" attribute (22, not to be confused with "Framed-Routing", attribute 10), but that's an ugly solution compared to true dynamic routing.
Overlaying a Dynamic Multipoint Virtual Private Network (DMVPN), the trio of multipoint GRE, NHRP and IPSec, has the benefit of making the NextG network totally transparent. The DMVPN tunnel allows any routing protocol, unsurprisingly Cisco recommend EIGRP. Running EIGRP in stub mode over the tunnel is reasonably efficient; with the default hello timers (5s) on both neighbours, an idle link ticks over at under 25 B/s each way, or ~50-60 Mb/month; dropping the hello timer to 30s brings this down to ~10 Mb/month. Actual results on an idle link with four routes down and one summary up, over a 36.9 hour period: Tx 503686 / Rx 414811 bytes = 9.5 / 7.8 MB/month.
The following steps are required to configure a HWIC-3G-GSM:
1. configure the SIM and modem
2. configure the router
The modem and SIM steps only need to be done once (per carrier). The modem configuration is carrier-specific, Telstra's "Configuring the Cisco HWIC-3G-GSM for Internet and IP WAN Connectivity", v1.0 (Oct 2007) has a number of voodoo AT commands that aren't publicly documented anywhere.
The notes below are all extracts from real console sessions and are both necessary and sufficient. Both Cisco's and Telstra's documentation include copious extraneous material in their configurations. (The only caveat here is the initial modem configuration, which as mentioned is not documented anywhere so you have to take Telstra's word.) Any configuration beyond the interface (e.g. NAT, DMVPN, routing, etc) is pretty much independent of the Cellular interface config, and is left as an exercise for the reader.
1. Configure the modem
a) unlock the SIM

Router#sh cell 0/0/0 security
Card Holder Verification (CHV1) = Enabled
SIM Status = Locked
SIM User Operation Required = Enter CHV1
Number of Retries remaining = 3

Router#cellular 0/0/0 gsm sim unlock NNNN
!!!WARNING: SIM will be unlocked with pin=NNNN(4), call will be disconnected!!!
Are you sure you want to proceed?[confirm]
b) confirm firmware version (should be H1_1_8_3MCAP, apparently)

ISR1841#sh cel 0/0/0 hard
Modem Firmware Version = H1_1_8_3MCAP C:/WS/
Modem Firmware built = 03/08/07
Hardware Version = 1.0
International Mobile Subscriber Identity (IMSI) = 00000
International Mobile Equipment Identity (IMEI) = 352678013223949
Factory Serial Number (FSN) = D28239720801020
Modem Status = Online
Current Modem Temperature = 19 deg C, State = Normal
Note: the above IMSI (0000) seems to occur when the SIM is locked or has just been unlocked and has not been used yet (recall the IMSI is stored in the SIM).
c) modem config
When entering AT commands, only one line at a time is accepted (i.e. pasting multiple lines will not work). The Sierra Wireless AT commands are documented, but don't include much of the following.

! temporary, remove after configuring the modem and/or configuring a real loopback:
interface Loopback0
ip address 192.0.2.1 255.255.255.255

line 0/0/0
transport input all

telnet 192.0.2.1 2002

at!custom?
!CUSTOM:
SKUID 0x3F
PUKPRMPT 0x01
MEPCODE 0x01
PRLREGION 0x03
if the 'AT!CUSTOM?' doesn't list the four items, enter:
AT!ENTERCND="A710"
AT!SLEEP=1
AT!NVOEM=GMSCLASS,0C
AT!NVOEM=EMSCLASS,0C
AT!CUSTOM="MEPCODE",1
AT!CUSTOM="MEPLOCK",0
AT!NVPLMN=505,01
AT!SCDFTPROF=1
AT!CUSTOM="PRLREGION",03
AT!GBAND=0000000004000380
AT!RESET
e.g.

AT!ENTERCND="A710"
OK
AT!SLEEP=1
OK
AT!NVOEM=GMSCLASS,0C
OK
AT!NVOEM=EMSCLASS,0C
OK
AT!CUSTOM="MEPCODE",1
OK
AT!CUSTOM="MEPLOCK",0
OK
AT!NVPLMN=505,01
OK
AT!SCDFTPROF=1
ERROR
AT!CUSTOM="PRLREGION",03
OK
AT!GBAND=0000000004000380
OK
AT!RESET
OK
- the SCDFTPROF command (query/set the default profile ID) gives an error whether or not profile 1 exists
– the chat script below uses an explicit profile, so the default doesn't matter

*Jun 18 14:21:21.401: %CELLWAN-2-MODEM_DOWN: Cellular0/0/0 modem is DOWN
*Jun 18 14:21:35.101: %CELLWAN-2-MODEM_UP: Cellular0/0/0 modem is now UP
*Jun 18 14:21:35.101: %CELLWAN-2-MODEM_DOWN: Cellular0/0/0 modem is DOWN
*Jun 18 14:21:45.337: %CELLWAN-2-MODEM_UP: Cellular0/0/0 modem is now UP
set band:

at!band=?
Index, Name
00, All bands
01, N/A (Defaults to ALL)
02, N/A (Defaults to ALL)
03, N/A (Defaults to ALL)
04, N/A (Defaults to ALL)
05, GSM ALL
06, N/A (Defaults to ALL)
07, N/A (Defaults to ALL)
08, WCDMA ALL
09, N/A (Defaults to ALL)
0A, N/A (Defaults to ALL)
0B, N/A (Defaults to ALL)
0C, WCDMA 850 GSM 900/1800
0D, WCDMA 850


OK
at!band?
0C, WCDMA 850 GSM 900/1800
OK
at!band=0D
OK
at!band?
0D, WCDMA 850
OK
AT!RESET
OK
d) disconnect, clean up
no interface Loopback0
e) configure the modem profile(s)
- you DON'T need the CHAP username/pass here

Router#cellular 0/0/0 gsm profile create 4 telstra.corp
Profile 4 will be created with the following values:
APN = telstra.corp
Are you sure? [confirm]
Profile 4 written to modem
- the profile is shown (sh cell 0/0/0 profile) as ACTIVE when a call is in progress, INACTIVE otherwise
Router#sh cel 0/0/0 profile
Profile 4 = ACTIVE
--------
PDP Type = IPv4
PDP address = 10.7.0.0
Access Point Name (APN) = telstra.corp
Authentication = None
Username: , Password:

 * – Default profile
2. Configure the router
- the following is the bare essential config:

chat-script ipwan "" "ATDT*98*4#" TIMEOUT 30 CONNECT

interface Cellular0/0/0
encapsulation ppp
ppp chap hostname 
ppp chap password 0 mysecret
async mode interactive
ip address negotiated
dialer in-band
! dialer string is required by IOS, but has no meaning for the cell interface; use the chat script label
dialer string ipwan
dialer-group 1

! default is 120s
dialer idle-timeout 300


! allow any ip traffic to bring up the link
dialer-list 1 protocol ip permit

line 0/0/0
script dialer ipwan

! send something (anything) to the cell interface to get it going...
ip route 0.0.0.0 0.0.0.0 Cellular0/0/0
3. Notes
- 'speed' commands may appear under the line 0/0/0, these can't be removed and seem to be ignored with a warning: "This command has no effect on this line; use modem AT commands instead"
- the 'ppp ipcp dns request' command is not useful for the VPN (Telstra IPWAN) – Telstra's DNS server(s) will not be reachable from within the VPN cloud, nor will they contain useful information for the private domain
- a possible Catch-22: when idle, the cellular interface is spoofed up and won't have an IP address, so it can't source traffic; the router won't (can't) generate any traffic unless it has a configured local interface (any network/mask)
– i.e. the router needs to generate traffic to trigger the dialer via the static default route, so make sure to have another interface up; once the cell interface is up (and assigned an IP) the router will then use that address (as the "closest" interface) to source traffic
- Telstra inject a host route into the NextIP VPN when the wireless node connects, it can take a short time (~30s with RIP) before that route propagates across the cloud
- you can only connect to the modem (via telnetting to the line VTY port, e.g. 2002 for 0/0/0) when the modem is not in a call
– 'show cell 0/0/0 profile' will be INACTIVE when idle, ACTIVE when in a call
– 'show line' will have an 'I' in the first column when the line is idle, 'A' when active
– don't forget to allow telnet access to the port (e.g. 'transport input all')
- to arbitrarily take the PPP connection down, use the 'clear interface cell0/0/0' command
- traffic in and out of the Cell interface: 'sh cell 0/0/0 connection | i Data'
– counters reset on boot or 'clear counters c0/0/0'
4. Example Output
a) Basic Config

Router#debug chat
Router#debug ppp negotiation
Router#debug ppp error

! no locally configured interfaces (i.e. just the cell0/0/0)
Router#sh ip ro
Gateway of last resort is 0.0.0.0 to network 0.0.0.0

S* 0.0.0.0/0 is directly connected, Cellular0/0/0
Router#ping 10.9.61.117
% Unrecognized host or address, or protocol not running.
- add a loopback, for example:

Router#sh ip ro
Gateway of last resort is 0.0.0.0 to network 0.0.0.0

192.168.0.0/32 is subnetted, 1 subnets
C 192.168.0.1 is directly connected, Loopback0
S* 0.0.0.0/0 is directly connected, Cellular0/0/0

Router#ping 10.9.61.117

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.9.61.117, timeout is 2 seconds:

*Jul 16 01:27:26.047: CHAT0/0/0: Attempting async line dialer script
*Jul 16 01:27:26.047: CHAT0/0/0: Dialing using Modem script: ipwan & System script: none
*Jul 16 01:27:26.051: CHAT0/0/0: process started
*Jul 16 01:27:26.051: CHAT0/0/0: Asserting DTR
*Jul 16 01:27:26.051: CHAT0/0/0: Chat script ipwan started
*Jul 16 01:27:26.051: CHAT0/0/0: Sending string: ATDT*98*4#
*Jul 16 01:27:26.051: CHAT0/0/0: Expecting string: CONNECT
*Jul 16 01:27:26.095: CHAT0/0/0: Completed match for expect: CONNECT
*Jul 16 01:27:26.095: CHAT0/0/0: Chat script ipwan finished, status = Success.
*Jul 16 01:27:28.227: %LINK-3-UPDOWN: Interface Cellular0/0/0, changed state to up
*Jul 16 01:27:28.227: Ce0/0/0 PPP: Using dialer call direction
*Jul 16 01:27:28.227: Ce0/0/0 PPP: Treating connection as a callout
*Jul 16 01:27:28.227: Ce0/0/0 PPP: Session handle[2D00000E] Session id[5]
*Jul 16 01:27:28.227: Ce0/0/0 PPP: Phase is ESTABLISHING, Active Open
*Jul 16 01:27:28.227: Ce0/0/0 PPP: No remote authentication for call-out
*Jul 16 01:27:28.227: Ce0/0/0 LCP: O CONFREQ [Closed] id 9 len 20
*Jul 16 01:27:28.227: Ce0/0/0 LCP: ACCM 0x000A0000 (0x0206000A0000)
*Jul 16 01:27:28.227: Ce0/0/0 LCP: MagicNumber 0x1F5A1582 (0x05061F5A1582)
*Jul 16 01:27:28.227: Ce0/0/0 LCP: PFC (0x0702)
*Jul 16 01:27:28.227: Ce0/0/0 LCP: ACFC (0x0802)
*Jul 16 01:27:28.231: Ce0/0/0 LCP: I CONFREQ [REQsent] id 8 len 25
*Jul 16 01:27:28.231: Ce0/0/0 LCP: ACCM 0x00000000 (0x020600000000)
*Jul 16 01:27:28.231: Ce0/0/0 LCP: AuthProto CHAP (0x0305C22305)
*Jul 16 01:27:28.231: Ce0/0/0 LCP: MagicNumber 0x9B6BDFE3 (0x05069B6BDFE3)
*Jul 16 01:27:28.231: Ce0/0/0 LCP: PFC (0x0702)
*Jul 16 01:27:28.231: Ce0/0/0 LCP: ACFC (0x0802)
*Jul 16 01:27:28.231: Ce0/0/0 LCP: O CONFACK [REQsent] id 8 len 25
*Jul 16 01:27:28.231: Ce0/0/0 LCP: ACCM 0x00000000 (0x020600000000)
*Jul 16 01:27:28.231: Ce0/0/0 LCP: AuthProto CHAP (0x0305C22305)
*Jul 16 01:27:28.231: Ce0/0/0 LCP: MagicNumber 0x9B6BDFE3 (0x05069B6BDFE3)
*Jul 16 01:27:28.231: Ce0/0/0 LCP: PFC (0x0702)
*Jul 16 01:27:28.231: Ce0/0/0 LCP: ACFC (0x0802)
*Jul 16 01:27:28.231: Ce0/0/0 LCP: I CONFACK [ACKsent] id 9 len 20
*Jul 16 01:27:28.231: Ce0/0/0 LCP: ACCM 0x000A0000 (0x0206000A0000)
*Jul 16 01:27:28.231: Ce0/0/0 LCP: MagicNumber 0x1F5A1582 (0x05061F5A1582)
*Jul 16 01:27:28.231: Ce0/0/0 LCP: PFC (0x0702)
*Jul 16 01:27:28.231: Ce0/0/0 LCP: ACFC (0x0802)
*Jul 16 01:27:28.231: Ce0/0/0 LCP: State is Open
*Jul 16 01:27:28.231: Ce0/0/0 PPP: Phase is AUTHENTICATING, by the peer
*Jul 16 01:27:28.235: Ce0/0/0 CHAP: I CHALLENGE id 1 len 35 from "UMTS_CHAP_SRVR"
*Jul 16 01:27:28.235: Ce0/0/0 CHAP: Using hostname from interface CHAP
*Jul 16 01:27:28.235: Ce0/0/0 CHAP: Using password from interface CHAP
*Jul 16 01:27:28.235: Ce0/0/0 CHAP: O RESPONSE id 1 len 42 from "user062@example.net"
*Jul 16 01:27:28.239: Ce0/0/0 CHAP: I SUCCESS id 1 len 4
*Jul 16 01:27:28.239: Ce0/0/0 PPP: Phase is FORWARDING, Attempting Forward
*Jul 16 01:27:28.239: Ce0/0/0 PPP: Phase is ESTABLISHING, Finish LCP
*Jul 16 01:27:28.239: Ce0/0/0 PPP: Phase is UP
*Jul 16 01:27:28.239: Ce0/0/0 IPCP: O CONFREQ [Closed] id 1 len 10
*Jul 16 01:27:28.239: Ce0/0/0 IPCP: Address 0.0.0.0 (0x030600000000)
*Jul 16 01:27:28.239: Ce0/0/0 PPP: Process pending ncp packets.
*Jul 16 01:27:29.243: Ce0/0/0 IPCP: I CONFNAK [REQsent] id 1 len 16
*Jul 16 01:27:29.243: Ce0/0/0 IPCP: PrimaryDNS 10.11.12.13 (0x81060A0B0C0D)
*Jul 16 01:27:29.243: Ce0/0/0 IPCP: SecondaryDNS 10.11.12.14 (0x83060A0B0C0E)
*Jul 16 01:27:29.243: Ce0/0/0 IPCP: Ignoring unrequested options!
*Jul 16 01:27:29.243: Ce0/0/0 IPCP: O CONFREQ [REQsent] id 2 len 10
*Jul 16 01:27:29.243: Ce0/0/0 IPCP: Address 0.0.0.0 (0x030600000000)
*Jul 16 01:27:30.247: Ce0/0/0 IPCP: I CONFNAK [REQsent] id 2 len 16
*Jul 16 01:27:30.247: Ce0/0/0 IPCP: PrimaryDNS 10.11.12.13 (0x81060A0B0C0D)
*Jul 16 01:27:30.247: Ce0/0/0 IPCP: SecondaryDNS 10.11.12.14 (0x83060A0B0C0E)
*Jul 16 01:27:30.247: Ce0/0/0 IPCP: Ignoring unrequested options!
*Jul 16 01:27:30.247: Ce0/0/0 IPCP: O CONFREQ [REQsent] id 3 len 10
*Jul 16 01:27:30.251: Ce0/0/0 IPCP: Address 0.0.0.0 (0x030600000000)
*Jul 16 01:27:31.255: Ce0/0/0 IPCP: I CONFNAK [REQsent] id 3 len 16
*Jul 16 01:27:31.255: Ce0/0/0 IPCP: PrimaryDNS 10.11.12.13 (0x81060A0B0C0D)
*Jul 16 01:27:31.255: Ce0/0/0 IPCP: SecondaryDNS 10.11.12.14 (0x83060A0B0C0E)
*Jul 16 01:27:31.255: Ce0/0/0 IPCP: Ignoring unrequested options!
*Jul 16 01:27:31.255: Ce0/0/0 IPCP: O CONFREQ [REQsent] id 4 len 10
*Jul 16 01:27:31.255: Ce0/0/0 IPCP: Address 0.0.0.0 (0x030600000000)
*Jul 16 01:27:31.399: Ce0/0/0 IPCP: I CONFREQ [REQsent] id 4 len 4
*Jul 16 01:27:31.399: Ce0/0/0 IPCP: O CONFACK [REQsent] id 4 len 4
*Jul 16 01:27:31.399: Ce0/0/0 IPCP: I CONFNAK [ACKsent] id 4 len 10.
*Jul 16 01:27:31.399: Ce0/0/0 IPCP: Address 10.7.0.62 (0x03060A07003E)
*Jul 16 01:27:31.399: Ce0/0/0 IPCP: O CONFREQ [ACKsent] id 5 len 10
*Jul 16 01:27:31.399: Ce0/0/0 IPCP: Address 10.7.0.62 (0x03060A07003E)
*Jul 16 01:27:31.403: Ce0/0/0 IPCP: I CONFACK [ACKsent] id 5 len 10
*Jul 16 01:27:31.403: Ce0/0/0 IPCP: Address 10.7.0.62 (0x03060A07003E)
*Jul 16 01:27:31.403: Ce0/0/0 IPCP: State is Open
*Jul 16 01:27:31.403: Ce0/0/0 IPCP: Install negotiated IP interface address 10.7.0.62..
Success rate is 0 percent (0/5)
Router#
Router#ping 10.9.61.117

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.9.61.117, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

! wait a bit

Router#ping 10.9.61.117

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.9.61.117, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 304/337/348 ms
Router#

! wait for timeout

*Jul 16 01:29:47.515: Ce0/0/0 PPP: Sending Acct Event[Down] id[13]
*Jul 16 01:29:47.515: Ce0/0/0 IPCP: State is Closed
*Jul 16 01:29:47.515: Ce0/0/0 PPP: Phase is TERMINATING
*Jul 16 01:29:47.515: Ce0/0/0 LCP: O TERMREQ [Open] id 10 len 4
*Jul 16 01:29:47.527: Ce0/0/0 LCP: I TERMACK [TERMsent] id 10 len 4
*Jul 16 01:29:47.527: Ce0/0/0 LCP: State is Closed
*Jul 16 01:29:47.527: Ce0/0/0 PPP: Phase is DOWN
*Jul 16 01:29:49.527: %LINK-5-CHANGED: Interface Cellular0/0/0, changed state to reset
*Jul 16 01:29:54.659: %LINK-3-UPDOWN: Interface Cellular0/0/0, changed state to down
b) Cellular status
idle, no active call:
- the active state is the same, except:
– Profile Information:
Profile 4 = ACTIVE
PDP address = 10.7.0.0 (note this is not the cell host address, but rather the network address)
– Network Information: Packet Session Status = Active
Packet Service = HSDPA (Attached)
Packet Session Status = Active
Router#sh cell 0/0/0 all
Hardware Information
====================
Modem Firmware Version = H1_1_8_3MCAP C:/WS/
Modem Firmware built = 03/08/07
Hardware Version = 1.0
International Mobile Subscriber Identity (IMSI) = 505023435470642
International Mobile Equipment Identity (IMEI) = 352678013222925
Factory Serial Number (FSN) = D28289730191031
Modem Status = Online
Current Modem Temperature = 33 deg C, State = Normal

Profile Information
====================
Profile 4 = INACTIVE
--------
PDP Type = IPv4
Access Point Name (APN) = telstra.corp
Authentication = None
Username: , Password:

 * – Default profile

Data Connection Information
===========================
Data Transmitted = 7821 bytes, Received = 15546 bytes
Profile 1, Packet Session Status = INACTIVE
Inactivity Reason = Normal inactivate state
Profile 2, Packet Session Status = INACTIVE
Inactivity Reason = Normal inactivate state
Profile 3, Packet Session Status = INACTIVE
Inactivity Reason = Normal inactivate state
Profile 4, Packet Session Status = INACTIVE
Inactivity Reason = Unknown
Profile 5, Packet Session Status = INACTIVE
Inactivity Reason = Normal inactivate state
...
Profile 16, Packet Session Status = INACTIVE
Inactivity Reason = Normal inactivate state

Network Information
===================
Current Service Status = Normal, Service Error = None
Current Service = Combined
Packet Service = UMTS/WCDMA (Attached)
Packet Session Status = Inactive
Current Roaming Status = Home
Network Selection Mode = Automatic
Country = AUS, Network = Telstra
Mobile Country Code (MCC) = 505
Mobile Network Code (MNC) = 1
Location Area Code (LAC) = 336
Routing Area Code (RAC) = 1
Cell ID = 9261
Primary Scrambling Code = 201
PLMN Selection = Automatic
Registered PLMN = , Abbreviated =
Service Provider = Telstra

Radio Information
=================
Current Band = WCDMA 850, Channel Number = 4436
Current RSSI(RSCP) = -62 dBm
Band Selected = WCDMA V 850

Modem Security Information
==========================
Card Holder Verification (CHV1) = Disabled
SIM Status = OK
SIM User Operation Required = None
Number of Retries remaining = 3
Router#
5. Troubleshooting
debug chat
debug ppp negotiation
debug ppp error
a) a new SIM doesn't work:

Router#ping 10.9.61.117

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.9.61.117, timeout is 2 seconds:

*Jul 16 03:47:22.611: CHAT0/0/0: Attempting async line dialer script
*Jul 16 03:47:22.611: CHAT0/0/0: Dialing using Modem script: ipwan & System script: none
...
*Jul 16 03:47:22.655: CHAT0/0/0: Chat script ipwan finished, status = Success.
*Jul 16 03:47:24.791: %LINK-3-UPDOWN: Interface Cellular0/0/0, changed state to up
*Jul 16 03:47:24.791: Ce0/0/0 PPP: Using dialer call direction
...
*Jul 16 03:47:24.795: Ce0/0/0 LCP: State is Open
*Jul 16 03:47:24.795: Ce0/0/0 PPP: Phase is AUTHENTICATING, by the peer
*Jul 16 03:47:24.799: Ce0/0/0 CHAP: I CHALLENGE id 1 len 35 from "UMTS_CHAP_SRVR"
*Jul 16 03:47:24.799: Ce0/0/0 CHAP: Using hostname from interface CHAP
*Jul 16 03:47:24.799: Ce0/0/0 CHAP: Using password from interface CHAP
*Jul 16 03:47:24.799: Ce0/0/0 CHAP: O RESPONSE id 1 len 42 from "user062@example.net"
*Jul 16 03:47:24.803: Ce0/0/0 CHAP: I SUCCESS id 1 len 4
*Jul 16 03:47:24.803: Ce0/0/0 PPP: Phase is FORWARDING, Attempting Forward
*Jul 16 03:47:24.803: Ce0/0/0 PPP: Phase is ESTABLISHING, Finish LCP
*Jul 16 03:47:24.803: Ce0/0/0 PPP: Phase is UP
*Jul 16 03:47:24.803: Ce0/0/0 IPCP: O CONFREQ [Closed] id 1 len 10
*Jul 16 03:47:24.803: Ce0/0/0 IPCP: Address 0.0.0.0 (0x030600000000)
*Jul 16 03:47:24.803: Ce0/0/0 PPP: Process pending ncp packets.
*Jul 16 03:47:25.807: Ce0/0/0 IPCP: I CONFNAK [REQsent] id 1 len 16
*Jul 16 03:47:25.807: Ce0/0/0 IPCP: PrimaryDNS 10.11.12.13 (0x81060A0B0C0D)
*Jul 16 03:47:25.807: Ce0/0/0 IPCP: SecondaryDNS 10.11.12.14 (0x83060A0B0C0E)
*Jul 16 03:47:25.807: Ce0/0/0 IPCP: Ignoring unrequested options!
*Jul 16 03:47:25.807: Ce0/0/0 IPCP: O CONFREQ [REQsent] id 2 len 10
*Jul 16 03:47:25.807: Ce0/0/0 IPCP: Address 0.0.0.0 (0x030600000000)..
*Jul 16 03:47:27.803: Ce0/0/0 IPCP: Timeout: State REQsent
*Jul 16 03:47:27.803: Ce0/0/0 IPCP: O CONFREQ [REQsent] id 3 len 10
*Jul 16 03:47:27.803: Ce0/0/0 IPCP: Address 0.0.0.0 (0x030600000000)
*Jul 16 03:47:28.151: Ce0/0/0 PPP: Sending Acct Event[Down] id[5]
*Jul 16 03:47:28.151: Ce0/0/0 IPCP: State is Closed
...
- look up the SIM, omitting check digit (2nd last) but including final digit:

Router#telnet 192.168.0.1 2002
Trying 192.168.0.1, 2002 ... Open
AT!ICCID?
!ICCID: 89610155543235000034

OK

Router#disconnect
Closing connection to 192.168.0.1 [confirm]
- SIM from the above is "5554 3235 4"
- call Telstra, request they add the "VPN codes"
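The two debug captures above differ only in how far PPP gets, so the triage can be scripted. The following is an added example, not part of the original notes: it reads 'debug chat' / 'debug ppp negotiation' output for a single dial attempt and reports the stage at which the call stopped. The sample sessions are abridged from the captures on this page; the function names and verdict labels are hypothetical.

```python
import re

# Abridged from the working session in section 4a (note the trailing ping dots).
GOOD_SESSION = """\
*Jul 16 01:27:26.095: CHAT0/0/0: Chat script ipwan finished, status = Success.
*Jul 16 01:27:28.231: Ce0/0/0 LCP: State is Open
*Jul 16 01:27:28.239: Ce0/0/0 CHAP: I SUCCESS id 1 len 4
*Jul 16 01:27:29.243: Ce0/0/0 IPCP: I CONFNAK [REQsent] id 1 len 16
*Jul 16 01:27:29.243: Ce0/0/0 IPCP: Ignoring unrequested options!
*Jul 16 01:27:31.399: Ce0/0/0 IPCP: I CONFNAK [ACKsent] id 4 len 10.
*Jul 16 01:27:31.399: Ce0/0/0 IPCP: Address 10.7.0.62 (0x03060A07003E)
*Jul 16 01:27:31.403: Ce0/0/0 IPCP: State is Open
*Jul 16 01:27:31.403: Ce0/0/0 IPCP: Install negotiated IP interface address 10.7.0.62..
"""

# Abridged from the "new SIM doesn't work" session in section 5a.
NEW_SIM_SESSION = """\
*Jul 16 03:47:22.655: CHAT0/0/0: Chat script ipwan finished, status = Success.
*Jul 16 03:47:24.795: Ce0/0/0 LCP: State is Open
*Jul 16 03:47:24.803: Ce0/0/0 CHAP: I SUCCESS id 1 len 4
*Jul 16 03:47:25.807: Ce0/0/0 IPCP: I CONFNAK [REQsent] id 1 len 16
*Jul 16 03:47:25.807: Ce0/0/0 IPCP: PrimaryDNS 10.11.12.13 (0x81060A0B0C0D)
*Jul 16 03:47:25.807: Ce0/0/0 IPCP: Ignoring unrequested options!
*Jul 16 03:47:27.803: Ce0/0/0 IPCP: Timeout: State REQsent
*Jul 16 03:47:28.151: Ce0/0/0 IPCP: State is Closed
"""

CHAT_DONE = re.compile(r"Chat script \S+ finished, status = (\w+)")
CHAP_RESULT = re.compile(r"CHAP: I (SUCCESS|FAILURE)")
# \d+ groups stop before stray ping dots that IOS interleaves with debug lines.
ADDRESS = re.compile(r"Install negotiated IP interface address (\d+(?:\.\d+){3})")

HINTS = {
    "chat-failed": "modem never returned CONNECT; check the chat script and modem profile",
    "lcp-failed": "PPP LCP did not reach Open",
    "auth-failed": "CHAP rejected; check 'ppp chap hostname' and 'ppp chap password'",
    "no-address": "CHAP accepted but IPCP never offered an address; on this page "
                  "the fix was asking Telstra to add the \"VPN codes\" to the SIM",
    "up": "link negotiated an address",
}


def analyse(log: str) -> dict:
    """Summarise one dial attempt from IOS chat/PPP debug output."""
    seen = {"chat": None, "lcp_open": False, "chap": None, "ipcp_open": False,
            "address": None, "dns_only_naks": 0, "ipcp_timeouts": 0}
    for line in log.splitlines():
        m = CHAT_DONE.search(line)
        if m:
            seen["chat"] = m.group(1)
        m = CHAP_RESULT.search(line)
        if m:
            seen["chap"] = m.group(1)
        m = ADDRESS.search(line)
        if m:
            seen["address"] = m.group(1)
        if "LCP: State is Open" in line:
            seen["lcp_open"] = True
        if "IPCP: State is Open" in line:
            seen["ipcp_open"] = True
        if "IPCP: Ignoring unrequested options" in line:
            seen["dns_only_naks"] += 1      # NAK carried DNS servers but no address
        if "IPCP: Timeout" in line:
            seen["ipcp_timeouts"] += 1

    if seen["chat"] != "Success":
        verdict = "chat-failed"
    elif not seen["lcp_open"]:
        verdict = "lcp-failed"
    elif seen["chap"] != "SUCCESS":
        verdict = "auth-failed"
    elif not (seen["ipcp_open"] and seen["address"]):
        verdict = "no-address"
    else:
        verdict = "up"
    seen["verdict"] = verdict
    seen["hint"] = HINTS[verdict]
    return seen


if __name__ == "__main__":
    for name, log in (("working", GOOD_SESSION), ("new SIM", NEW_SIM_SESSION)):
        result = analyse(log)
        print(f"{name}: {result['verdict']} ({result['hint']})")
```

The "no-address" verdict is the signature of the new-SIM case: authentication succeeds, every IPCP reply offers only DNS servers, and the session closes without an address being installed.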
Example of a Cisco 1841 using an external 3G router 
- Using a Cisco 1841 router to establish the PPPoE session to the IPWAN
- A CDR-780seu cellular router with PPPoE client disabled is connected to Fa0/1

interface FastEthernet0/1
ip address 192.168.1.161 255.255.255.248
ip tcp adjust-mss 1420
duplex auto
speed auto
pppoe enable
pppoe-client dial-pool-number 1


interface Dialer1
mtu 1452
ip address negotiated
ip nat outside
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap callin
ppp chap hostname username
ppp chap password 0 sekritpw

- The PPPoE connection should now be working, and assigned a DHCP IP address by the IPWAN

#show ip int brief
Interface IP-Address OK? Method Status Protocol
FastEthernet0/1 192.168.1.161 YES NVRAM up up
NVI0 unassigned YES unset up up
Virtual-Access1 unassigned YES unset up up
Dialer1 192.168.3.128 YES IPCP up up 

- So we can run EIGRP over the layer 3 network, we need to set up a GRE tunnel between the endpoint routers:

interface Tunnel0
ip address 192.168.2.122 255.255.255.248
no ip mroute-cache
keepalive 10 3
tunnel source Dialer1
tunnel destination 192.168.1.105

- On the remote router, create the other GRE tunnel endpoint (change serial interface as required):

interface Tunnel0
ip address 192.168.2.121 255.255.255.248
no ip mroute-cache
keepalive 10 3
tunnel source Serial0/0/0.16
tunnel destination 192.168.3.128

- The keepalive command will bring the tunnel down if 3 keepalive packets are lost (sending one every 10 seconds).
