Solved: Re: ISR1100 with LTE advanced not guetting IP address

simon.teyssier · ‎04-10-2018

Hello everybody,

I'm actually facing a problem using an ISR1100 series (C1111-8PLTEEAWE) with LTE advanced.

The cellular interface won't get an IP address (or only for a few seconds after a modem reset for example) even when configured using best practices in the configuration guide.

I've found some differences between the guide and the real software so that's why I'm asking for your help.

I've tried the last three available IOS versions from Cisco website (actually using Version 16.06.02) with the latest modem firmware to but there's nothing to do...

Below is the configuration of the router (only interesting parts. Feel free to ask for more details) :

interface Cellular0/2/0
 ip address negotiated
 dialer in-band
 dialer idle-timeout 30
 dialer-group 1
 ipv6 enable
 pulse-time 1
end

!

ip route 0.0.0.0 0.0.0.0 Cellular0/2/0
!
!
access-list 1 permit any
dialer-list 1 protocol ip list 1

!







I'm located in France and using Bouygues Telecom as a service provider. MCC/MNC are OK :




Router#show cellular 0/2/0 network 
Current System Time = Tue Apr 10 12:9:47 2018
Current Service Status = Normal
Current Service = Packet switched
Current Roaming Status = Home
Network Selection Mode = Automatic
Network = BYTEL
Mobile Country Code (MCC) = 208
Mobile Network Code (MNC) = 20
Packet switch domain(PS) state = Attached
LTE Carrier Aggregation state = Deconfigured
Location Area Code (LAC) = 20041
Cell ID = 26500915




Below is the full output of the cellular interface's informations :




Router#show cellular 0/2/0 all 
Hardware Information
====================
Modem Firmware Version = SWI9X30C_02.20.03.00
Modem Firmware built = 2016/06/30 10:54:05
Hardware Version = 1.0
Device Model ID: EM7455
International Mobile Subscriber Identity (IMSI) = 208200853716294
International Mobile Equipment Identity (IMEI) = 356129070092645
Integrated Circuit Card ID (ICCID) = 8933200817537162942
Mobile Subscriber Integrated Services
Digital Network-Number (MSISDN) = 
Modem Status = Modem Online
Current Modem Temperature = 38 deg C
PRI SKU ID = 1102526, PRI version = 002.017_001, Carrier = Generic
OEM PRI version = 007

Profile Information
====================

Profile 1 = INACTIVE* **
--------
PDP Type = IPv4
Access Point Name (APN) = fipbouygtel.com
Authentication = None

Profile 2 = INACTIVE
--------

* - Default profile 
 ** - LTE attach profile


Configured default profile for active SIM 0 is profile 1.


Data Connection Information
===========================
Profile 1, Packet Session Status = INACTIVE
 Call end mode = unknown technology
 Session disconnect reason type = unknown reason type(0)
 Session disconnect reason = unknown reason(0)
Profile 2, Packet Session Status = INACTIVE
Profile 3, Packet Session Status = INACTIVE
Profile 4, Packet Session Status = INACTIVE
Profile 5, Packet Session Status = INACTIVE
Profile 6, Packet Session Status = INACTIVE
Profile 7, Packet Session Status = INACTIVE
Profile 8, Packet Session Status = INACTIVE
Profile 9, Packet Session Status = INACTIVE
Profile 10, Packet Session Status = INACTIVE
Profile 11, Packet Session Status = INACTIVE
Profile 12, Packet Session Status = INACTIVE
Profile 13, Packet Session Status = INACTIVE
Profile 14, Packet Session Status = INACTIVE
Profile 15, Packet Session Status = INACTIVE
Profile 16, Packet Session Status = INACTIVE

Network Information
===================
Current System Time = Tue Apr 10 12:11:46 2018
Current Service Status = Normal
Current Service = Packet switched
Current Roaming Status = Home
Network Selection Mode = Automatic
Network = BYTEL
Mobile Country Code (MCC) = 208
Mobile Network Code (MNC) = 20
Packet switch domain(PS) state = Attached
LTE Carrier Aggregation state = Deconfigured
Location Area Code (LAC) = 20041
Cell ID = 26500915

Radio Information
=================
Radio power mode = online
Channel Number = 10639
Current Band = WCDMA 2100
Current RSSI(RSCP) = -77 dBm
Current ECIO = -5 dBm
Primary Scrambling Code = 268
Radio Access Technology(RAT) Preference = AUTO
Radio Access Technology(RAT) Selected = UMTS

Modem Security Information
==========================
Active SIM = 0
SIM switchover attempts = 0
Card Holder Verification (CHV1) = Disabled
SIM Status = OK
SIM User Operation Required = None
Number of CHV1 Retries remaining = 3

Cellular Firmware List
==========================
 Idx Carrier FwVersion PriVersion Status 
 1 ATT 02.20.03.00 002.020_000 Inactive
 2 BELL 02.20.03.00 000.010_000 Inactive
 3 GENERIC 02.20.03.00 002.017_001 Active 
 4 ROGERS 02.20.03.00 000.011_000 Inactive
 5 SPRINT 02.20.03.22 002.020_000 Inactive
 6 TELUS 02.20.03.00 000.011_000 Inactive
 7 VERIZON 02.20.03.22 002.026_001 Inactive

Firmware Activation mode : AUTO

GPS Information
==========================

GPS Info
-------------
GPS Feature: disabled
GPS Mode Configured: not configured
GPS Status: NMEA Disabled

SMS Information
===============
Incoming Message Information
----------------------------
SMS stored in modem = 1
SMS archived since booting up = 0
Total SMS deleted since booting up = 0
Storage records allocated = 25
Storage records used = 1
Number of callbacks triggered by SMS = 0
Number of successful archive since booting up = 0
Number of failed archive since booting up = 0

Outgoing Message Information
----------------------------
Total SMS sent successfully = 0
Total SMS send failure = 0
Number of outgoing SMS pending = 0
Number of successful archive since booting up = 0
Number of failed archive since booting up = 0
Last Outgoing SMS Status = SUCCESS
Copy-to-SIM Status = 0x0
Send-to-Network Status = 0x0
Report-Outgoing-Message-Number:
 Reference Number = 0
 Result Code = 0x0
 Diag Code = 0x0 0x0 0x0 0x0 0x0

SMS Archive URL =

Error Information
=================

This command is not supported on 4G modems.


Modem Crashdump Information
===========================
Modem crashdump logging: off

BTW, the SIM card is working fine in a Cisco881...Also tried many other SIM cards (even with other SP) with no more success.

Feel free to ask for any further information.

Thanks in advance for your help. Will be appreciated.

Regards,

Simon

simon.teyssier · ‎04-24-2018

Just to let you know in case some are interested, problem solved.

This issue was related to the cellular interface configuration.

A dialer-group triggers a data call (and hence it retrieves an IP address) every time traffic is sent out the cell interface.

A dialer watch-list keeps the interface always up (meaning no traffic is needed to trigger the call).

As a result, the correct configuration for me was :

Interface cell 0/2/0

dialer watch-group 1

exit

!

dialer watch-list 1 ip 5.6.7.8 0.0.0.0

dialer watch-list 1 delay route-check initial 60

dialer watch-list 1 delay connect 1

Everything is working fine know.

Simon

View solution in original post

simon.teyssier · ‎04-24-2018

Just to let you know in case some are interested, problem solved.

This issue was related to the cellular interface configuration.

A dialer-group triggers a data call (and hence it retrieves an IP address) every time traffic is sent out the cell interface.

A dialer watch-list keeps the interface always up (meaning no traffic is needed to trigger the call).

As a result, the correct configuration for me was :

Interface cell 0/2/0

dialer watch-group 1

exit

!

dialer watch-list 1 ip 5.6.7.8 0.0.0.0

dialer watch-list 1 delay route-check initial 60

dialer watch-list 1 delay connect 1

Everything is working fine know.

Simon

schonb01 · ‎04-15-2020

Hey Simon, thanks for posting this! Is there any way you can provide the entire config (passwords removed of course)?

jmuryn · ‎07-02-2020

I would also appreciate!

Nelson Kim · ‎08-25-2020

Here is the config that works

interface Cellular0/1/0
ip address negotiated
dialer in-band
dialer idle-timeout 0
dialer watch-group 1
pulse-time 1
ip virtual-reassembly




dialer watch-list 1 ip 5.6.7.8 255.255.255.255
dialer watch-list 1 delay route-check initial 60
dialer watch-list 1 delay connect 1

the Ip address in the watch list doesn't have to be valid. That value is what Cisco provided, to just be a dummy address as a keep alive.

mcorreagarcia · ‎02-18-2021

hello guys , i have this same configuration , i have c1111 in usa with verizon , simcard

but the issue it´s just take 30 minutes up and running , then lost the ip address pubic ,

until shut and no shut the cellular interface 0/2/0 , get back the ip address public again , or reload the cisco router

do anyone , could know what its the issue , here .

thanks

Georg Pauwen · ‎02-18-2021

Hello,

post your full running configuration...

mcorreagarcia · ‎02-19-2021

CMEX-USA-RDURTRDV30#
CMEX-USA-RDURTRDV30#sh run
Building configuration...


Current configuration : 26947 bytes
!
! Last configuration change at 17:20:17 UTC Thu Feb 18 2021
!
version 16.8
service nagle
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
service call-home
platform qfp utilization monitor load 80
no platform punt-keepalive disable-kernel-core
!
hostname CMEX-USA-RDURTRDV30
!
boot-start-marker
boot system flash c1100-universalk9_ias.16.08.03.SPA.bin
boot-end-marker
!
!
logging discriminator nolog mnemonics drops VOIP_CALL|VOIP_FEAT|PKT_INV_SPI
logging buffered discriminator nolog 100000
logging rate-limit console 10 except critical
logging console discriminator nolog
logging monitor discriminator nolog

!
!
!
!
aaa session-id common
ethernet lmi ce
call-home
! If contact email address in call-home is configured as sch-smart-licensing@cisco.com
! the email address configured in Cisco Smart License Portal will be used as contact email address to send SCH notifications.
contact-email-addr sch-smart-licensing@cisco.com
profile "CiscoTAC-1"
active
destination transport-method http
no destination transport-method email
!
ip vrf INET
rd 65000:1
!
!
!
!
!
ip nbar custom C01_radius_tcp transport tcp
port range 1812 1813
direction any


ip nbar custom C02_radius_udp transport udp
port range 1812 1813
direction any


ip nbar custom C03_netflow transport udp
port 2055
direction any


ip nbar custom C04_tandberg_video transport udp
port range 2326 2373
direction any


ip nbar custom C05_tandberg_stream transport udp
port range 970 974
direction any


ip nbar custom C06_tandberg_setup transport tcp
port range 5555 5588
direction any


ip nbar custom C07_cisco_xot transport tcp
port 1998
direction any


ip nbar custom C08_see_and_share transport tcp
port 8089 9933
direction any


ip nbar custom C09_netmeeting_rds transport tcp
port 522 1503
direction any


ip nbar custom C10_ibm_tsm transport tcp
port 1500
direction any


ip nbar custom C11_pdl_datastream transport tcp
port 9100
direction any


ip nbar custom C12_remote_desktop transport tcp
port 3389
direction any


ip nbar custom C13_lotus_notes_tcp transport tcp
port 1352
direction any


ip nbar custom C14_lotus_notes_udp transport udp
port 1352
direction any


!
!
no ip bootp server
no ip domain lookup
ip domain name TIWS
ip dhcp bootp ignore
!
!
!
login block-for 180 attempts 3 within 60
login quiet-mode access-class RemoteAccess_AL
login on-success log
!
!
!
!
!
!
!
subscriber templating
!
!
!
!
!
!
!
multilink bundle-name authenticated
!
flow exporter FlowExporter1
destination 10.191.153.105
source Loopback600
transport udp 2055
!
!
flow monitor FlowMonitor1
exporter FlowExporter1
cache timeout active 60
record netflow ipv4 original-input
!
!
!
!
!
crypto pki trustpoint TP-self-signed-4269715458
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-4269715458
revocation-check none
rsakeypair TP-self-signed-4269715458
!
crypto pki trustpoint SLA-TrustPoint
enrollment pkcs12
revocation-check crl
!
!
crypto pki certificate chain TP-self-signed-4269715458
certificate self-signed 01
30820330 30820218 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 34323639 37313534 3538301E 170D3231 30313231 31363433
30325A17 0D333030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D34 32363937
31353435 38308201 22300D06 092A8648 86F70D01 01010500 0382010F 00308201
0A028201 010096A2 AE6B905F 0CD7C0C5 20664CB3 A0F8F991 86238C9D 0BC5FAC9
F92ED568 00E74C31 F4F83D47 076B8E51 E803E837 F58E0577 FA47122A F0EAFA71
BAD11FF7 DB84829A 9EEECD47 C77185E9 61BDE3A7 6706D282 480F9A11 8B2D6628
D1F48DAA 7554B643 243723B8 393FE7DC E7A63C22 FC7350BD F54640E5 607A79AC
BC784637 0CD08FD6 44369E73 21479104 2ED924DA 61978C0E 8AF419B5 81708370
D5608B71 ED9AC17C 2A61FFE6 BA3F738F DBF0A0DF D8D8E6F5 C9CBA232 077BF9A4
6740CA03 806FD15E FAB07EBF D709A1CC 8F1548FA 695F8CC8 EE42CD3C 16F00508
8C61F6D5 6A3BB1CC 867F6C51 1573735E F3886EC6 50263AB2 0F46F29C 3BE64E5A
7916E241 9A8B0203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF
301F0603 551D2304 18301680 14BC27D8 94EA2677 802ABE78 89D15F1F 9A5D418F
4E301D06 03551D0E 04160414 BC27D894 EA267780 2ABE7889 D15F1F9A 5D418F4E
300D0609 2A864886 F70D0101 05050003 82010100 8E309D7E E80F7D75 4F348B73
1C4DE729 54A1CDEF 6F7F2B62 EE9A9207 B37C2F49 A200188D ACD6F156 345FECFB
435C3859 8C35E8A2 AB1C85F3 BBB9C72E 81EFEA0C 3CF65FCA 76A6BB65 5D86DC0A
BEF00AF2 59881835 3F5231E8 6E29E3F3 EAA1EBF8 0783EFBC D1CF1B5A 8DB84094
E85304C8 25EF33E2 C89BD9ED 4F1D3CC2 15DD932A 8FFB6B08 2AB1BC9F 886766C7
50AF5890 631E3299 72AC74AC 50BEA2FB F7128E9B 4C9859E2 3B3429E1 FC31EAA6
BB341ED8 CB51018A 34C1CA20 93DBE6F6 98852686 17B332BE 6EE7EC77 972D7B3E
FA05C26C 901E8E52 F1C2ED7D 58014678 64027191 AF379098 8499061F 3CA8B465
384C91AF 47DD9AC4 C1D849DB FCB3BAFA 5363CDA1
quit
crypto pki certificate chain SLA-TrustPoint
certificate ca 01
30820321 30820209 A0030201 02020101 300D0609 2A864886 F70D0101 0B050030
32310E30 0C060355 040A1305 43697363 6F312030 1E060355 04031317 43697363
6F204C69 63656E73 696E6720 526F6F74 20434130 1E170D31 33303533 30313934
3834375A 170D3338 30353330 31393438 34375A30 32310E30 0C060355 040A1305
43697363 6F312030 1E060355 04031317 43697363 6F204C69 63656E73 696E6720
526F6F74 20434130 82012230 0D06092A 864886F7 0D010101 05000382 010F0030
82010A02 82010100 A6BCBD96 131E05F7 145EA72C 2CD686E6 17222EA1 F1EFF64D
CBB4C798 212AA147 C655D8D7 9471380D 8711441E 1AAF071A 9CAE6388 8A38E520
1C394D78 462EF239 C659F715 B98C0A59 5BBB5CBD 0CFEBEA3 700A8BF7 D8F256EE
4AA4E80D DB6FD1C9 60B1FD18 FFC69C96 6FA68957 A2617DE7 104FDC5F EA2956AC
7390A3EB 2B5436AD C847A2C5 DAB553EB 69A9A535 58E9F3E3 C0BD23CF 58BD7188
68E69491 20F320E7 948E71D7 AE3BCC84 F10684C7 4BC8E00F 539BA42B 42C68BB7
C7479096 B4CB2D62 EA2F505D C7B062A4 6811D95B E8250FC4 5D5D5FB8 8F27D191
C55F0D76 61F9A4CD 3D992327 A8BB03BD 4E6D7069 7CBADF8B DF5F4368 95135E44
DFC7C6CF 04DD7FD1 02030100 01A34230 40300E06 03551D0F 0101FF04 04030201
06300F06 03551D13 0101FF04 05300301 01FF301D 0603551D 0E041604 1449DC85
4B3D31E5 1B3E6A17 606AF333 3D3B4C73 E8300D06 092A8648 86F70D01 010B0500
03820101 00507F24 D3932A66 86025D9F E838AE5C 6D4DF6B0 49631C78 240DA905
604EDCDE FF4FED2B 77FC460E CD636FDB DD44681E 3A5673AB 9093D3B1 6C9E3D8B
D98987BF E40CBD9E 1AECA0C2 2189BB5C 8FA85686 CD98B646 5575B146 8DFC66A8
467A3DF4 4D565700 6ADF0F0D CF835015 3C04FF7C 21E878AC 11BA9CD2 55A9232C
7CA7B7E6 C1AF74F6 152E99B7 B1FCF9BB E973DE7F 5BDDEB86 C71E3B49 1765308B
5FB0DA06 B92AFE7F 494E8A9E 07B85737 F3A58BE1 1A48A229 C37C1E69 39F08678
80DDCD16 D6BACECA EEBC7CF9 8428787B 35202CDC 60E4616A B623CDBD 230E3AFB
418616A9 4093E049 4D10AB75 27E86F73 932E35B5 8862FDAE 0275156F 719BB2F0
D697DF7F 28
quit
!
no license feature hseck9
license udi pid C1111-8PLTEEA sn FGL2450L0M4
license accept end user agreement
license boot level appxk9
license boot level securityk9
no license smart enable
archive
log config
logging enable
logging size 1000
notify syslog contenttype plaintext
hidekeys
path flash:autoarchived-config
maximum 8
write-memory
time-period 10000
!
diagnostic bootup level minimal
!
spanning-tree extend system-id
!
!
username intelliden privilege 15 secret 5 $1$wqrX$1H5bM9JsApU1skp5nJ0uP.
!
redundancy
mode none
!
!
!
!
controller Cellular 0/2/0
lte modem link-recovery rssi onset-threshold -110
lte modem link-recovery monitor-timer 20
lte modem link-recovery wait-timer 10
lte modem link-recovery debounce-count 6
!
!
vlan internal allocation policy ascending
!
!
class-map match-any class-cx-premarked-scavenger-out
match dscp 4
class-map match-any class-cx-premarked-data-high
match dscp af21
class-map match-any class-cx-premarked-video-out
match ip precedence 4
class-map match-any class-LAN-Silver
match protocol C13_lotus_notes_tcp
match protocol C14_lotus_notes_udp
match protocol cifs
match protocol netbios
match protocol pppoe
match protocol gre
match protocol ipinip
match protocol secure-ldap
match protocol printer
match protocol smtp
match protocol pop3
match protocol secure-pop3
match protocol secure-imap
match protocol http mime "application/x-rtsp-tunnelled"
match protocol rtp payload-type "96-127"
match protocol C07_cisco_xot
match protocol C11_pdl_datastream
match protocol netshow
match protocol tftp
match protocol ipsec
match protocol l2tp
match protocol pptp
match protocol sqlnet
match protocol sqlserver
match protocol ldap
match protocol nfs
match protocol exchange
match protocol imap
match protocol rtsp
class-map match-any class-LAN-Platinum
match protocol telnet
match protocol secure-telnet
match protocol tacacs
match protocol syslog
match protocol rsvp
match protocol icmp
match protocol citrix
match protocol xwindows
match protocol sap
match protocol vnc
match protocol http host "*cemex*"
match protocol C12_remote_desktop
match protocol C08_see_and_share
match protocol C09_netmeeting_rds
match protocol ssh
match protocol C01_radius_tcp
match protocol C02_radius_udp
match protocol capwap-control
match protocol snmp
match protocol C03_netflow
match protocol ntp
match protocol dhcp
match protocol dns
class-map match-any class-cx-premarked-voice-out
match ip precedence 5
class-map match-any class-cx-premarked-data-low-out
match ip precedence 1
class-map match-any Mgmt_Out
match access-group 160
match ip precedence 6 7
class-map match-any Scavenger_In
match dscp 4
class-map match-any Silver_Out
match ip precedence 1
class-map match-any Platinum_Out
match ip precedence 3
class-map match-any Video_In
match ip precedence 4
class-map match-any Voice_In
match ip precedence 5
class-map match-any Video_Out
match ip precedence 4
class-map match-any Voice_Out
match ip precedence 5
class-map match-any Mgmt_In
match ip precedence 6 7
class-map match-any Scavenger_Out
match dscp 4
class-map match-any Platinum_In
match ip precedence 3
class-map match-any Silver_In
match ip precedence 1
class-map match-any class-cx-premarked-scavenger
match dscp cs1
class-map match-any class-cx-premarked-video
match dscp af31
class-map match-any class-cx-premarked-data-high-out
match ip precedence 3
class-map match-any class-cx-premarked-data-low
match dscp af11
class-map match-any class-LAN-Scavenger
match protocol fasttrack
match protocol edonkey
match protocol C10_ibm_tsm
match protocol capwap-data
class-map match-any class-LAN-Voice
match protocol h323
match protocol sip
match protocol rtp audio
match protocol rtcp
match protocol mgcp
match protocol skinny
match protocol C06_tandberg_setup
class-map match-any class-LAN-Video
match protocol cuseeme
match protocol rtp video
match protocol C04_tandberg_video
match protocol C05_tandberg_stream
!
policy-map Set_Precedencia_LAN_Out
class class-cx-premarked-voice-out
set dscp ef
class class-cx-premarked-video-out
set dscp af31
class class-cx-premarked-data-high-out
set dscp af21
class class-cx-premarked-data-low-out
set dscp af11
class class-cx-premarked-scavenger-out
set dscp cs1
policy-map QoS_Out
class Mgmt_Out
bandwidth percent 1
class Voice_Out
class Video_Out
set ip precedence 4
class Platinum_Out
bandwidth percent 35
random-detect
set ip precedence 3
class Silver_Out
bandwidth percent 25
random-detect
set dscp af11
class Scavenger_Out
bandwidth percent 1
random-detect
set dscp 4
class class-default
fair-queue
random-detect
set precedence 0
policy-map Shaping_Datos
class class-default
shape average percent 100
service-policy QoS_Out
policy-map QoS_In
class Mgmt_In
set ip precedence 6
class Voice_In
set ip precedence 5
class Video_In
set ip precedence 4
class Platinum_In
set ip precedence 3
class Silver_In
set ip precedence 1
class Scavenger_In
set dscp 4
class class-default
set ip precedence 0
policy-map Customer_Classify
class class-LAN-Voice
set ip precedence 5
class class-LAN-Video
set ip precedence 4
class class-LAN-Platinum
set ip precedence 3
class class-LAN-Silver
set ip precedence 1
class class-LAN-Scavenger
set dscp 4
class class-default
set ip dscp default
policy-map Set_Precedencia
class class-cx-premarked-video
set ip precedence 4
class class-cx-premarked-data-high
set ip precedence 3
class class-cx-premarked-data-low
set ip precedence 1
class class-cx-premarked-scavenger
set dscp 4
class class-default
service-policy Customer_Classify
!
!
!
crypto keyring DMVPN_KEYRING vrf INET
description [Keyring for Dynamic Multipoint VPN connections]
pre-shared-key address 0.0.0.0 0.0.0.0 key vpn_12956_48400
!
!
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp invalid-spi-recovery
crypto isakmp keepalive 30 10 periodic
crypto isakmp profile DMVPN_ISAKMP
vrf INET
keyring DMVPN_KEYRING
match identity address 0.0.0.0 INET
!
crypto ipsec security-association replay window-size 256
!
crypto ipsec transform-set DMVPN_TF esp-3des esp-md5-hmac
mode tunnel
crypto ipsec transform-set DMVPN_MGT_TRANSFORM esp-3des esp-sha-hmac
mode tunnel
!
crypto ipsec profile DMVPN_IPSEC
set security-association lifetime kilobytes disable
set transform-set DMVPN_TF
set pfs group2
set isakmp-profile DMVPN_ISAKMP
!
crypto ipsec profile DMVPN_MGT_IPSEC_PROFILE
set security-association lifetime kilobytes disable
set transform-set DMVPN_MGT_TRANSFORM
set pfs group2
set isakmp-profile DMVPN_ISAKMP
!
!
!
!
!
!
!
!
!
!
interface Loopback1
ip vrf forwarding INET
ip address 1.1.1.1 255.255.255.255
!
interface Loopback600
description 0001051700>F1>0
ip address 10.188.0.254 255.255.255.255
!
interface Tunnel1
description WAN - CMEX-USA-RDUCRTDV00
ip flow monitor FlowMonitor1 input
ip flow monitor FlowMonitor1 output
ip address 10.185.250.31 255.255.248.0
no ip redirects
ip mtu 1400
ip nhrp authentication DMVPN101
ip nhrp map multicast 65.205.39.203
ip nhrp map 10.185.248.1 65.205.39.203
ip nhrp network-id 101
ip nhrp holdtime 60
ip nhrp nhs 10.185.248.1
ip tcp adjust-mss 1360
ip policy route-map ClearRedirectedMark_RM
ip ospf network broadcast
ip ospf priority 0
ip ospf cost 1000
load-interval 30
cdp enable
if-state nhrp
qos pre-classify
tunnel source Cellular0/2/0
tunnel mode gre multipoint
tunnel key 101
tunnel vrf INET
tunnel protection ipsec profile DMVPN_IPSEC shared
!
interface Tunnel2
description WAN - CMEX-USA-RDUCRTDV00
ip flow monitor FlowMonitor1 input
ip flow monitor FlowMonitor1 output
ip address 10.186.250.31 255.255.248.0
no ip redirects
ip mtu 1400
ip nhrp authentication DMVPN102
ip nhrp map multicast 12.252.33.250
ip nhrp map 10.186.248.1 12.248.92.166
ip nhrp network-id 102
ip nhrp holdtime 60
ip nhrp nhs 10.186.248.1
ip tcp adjust-mss 1360
ip policy route-map ClearRedirectedMark_RM
ip ospf network broadcast
ip ospf priority 0
ip ospf cost 2000
load-interval 30
cdp enable
if-state nhrp
qos pre-classify
tunnel source Cellular0/2/0
tunnel mode gre multipoint
tunnel key 102
tunnel vrf INET
tunnel protection ipsec profile DMVPN_IPSEC shared
!
interface Tunnel2001
description [DMVPN Net MAIN MANAGEMENT SPOKE TUNNEL]
ip address 100.1.6.48 255.255.0.0
no ip redirects
ip mtu 1400
ip nhrp authentication CEMEXMGT
ip nhrp map multicast 213.140.62.194
ip nhrp map 100.1.0.1 213.140.62.194
ip nhrp network-id 2001
ip nhrp holdtime 60
ip nhrp nhs 100.1.0.1
ip tcp adjust-mss 1360
load-interval 30
cdp enable
tunnel source Cellular0/2/0
tunnel destination 213.140.62.194
tunnel key 2001
tunnel vrf INET
tunnel protection ipsec profile DMVPN_MGT_IPSEC_PROFILE shared
!
interface Tunnel2002
description [DMVPN Net BACKUP MANAGEMENT SPOKE TUNNEL]
ip address 100.2.6.48 255.255.0.0
no ip redirects
ip mtu 1400
ip nhrp authentication CEMEXMGT
ip nhrp map multicast 213.140.62.195
ip nhrp map 100.2.0.1 213.140.62.195
ip nhrp network-id 2002
ip nhrp holdtime 60
ip nhrp nhs 100.2.0.1
ip tcp adjust-mss 1360
load-interval 30
cdp enable
tunnel source Cellular0/2/0
tunnel destination 213.140.62.195
tunnel key 2002
tunnel vrf INET
tunnel protection ipsec profile DMVPN_MGT_IPSEC_PROFILE shared
!
interface GigabitEthernet0/0/0
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet0/0/1
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet0/1/0
!
interface GigabitEthernet0/1/1
!
interface GigabitEthernet0/1/2
!
interface GigabitEthernet0/1/3
!
interface GigabitEthernet0/1/4
!
interface GigabitEthernet0/1/5
!
interface GigabitEthernet0/1/6
!
interface GigabitEthernet0/1/7
!
interface Cellular0/2/0
ip vrf forwarding INET
ip flow monitor FlowMonitor1 input
ip flow monitor FlowMonitor1 output
ip address negotiated
ip nat outside
ip access-group PublicWanFilter_AL in
dialer in-band
dialer idle-timeout 0
dialer watch-group 1
dialer-group 1
ipv6 enable
pulse-time 1
!
interface Cellular0/2/1
no ip address
shutdown
!
interface Vlan1
description LAN - CMEX-USA-RDU-LAN1
ip flow monitor FlowMonitor1 input
ip flow monitor FlowMonitor1 output
ip address 10.178.213.1 255.255.255.0
ip helper-address 10.190.1.3
ip nat inside
standby 21 timers 5 15
standby 21 priority 108
standby 21 preempt delay minimum 60
ip ospf priority 100
ip ospf mtu-ignore
ip ospf cost 3000
service-policy input Set_Precedencia
service-policy output Set_Precedencia_LAN_Out
!
router ospf 1
router-id 10.188.0.254
redistribute connected metric 3100 metric-type 1 subnets route-map RedistributeLoopback_RM
redistribute ospf 101 metric 4100 metric-type 1 subnets route-map DomDmvpnFiltering_RM
redistribute ospf 102 metric 4100 metric-type 1 subnets route-map DomDmvpnFiltering_RM
network 10.178.213.0 0.0.0.255 area 0
default-information originate metric 1200
distance 10 0.0.0.0 255.255.255.255
!
router ospf 101
router-id 10.185.250.31
redistribute connected metric 7100 metric-type 1 subnets tag 2002 route-map RedistributeConnected_RM
redistribute ospf 1 metric 7100 metric-type 1 subnets tag 2002 route-map Prio1PrefixFiltering_RM
network 10.184.250.0 0.0.1.255 area 0
network 10.185.248.0 0.0.7.255 area 0
!
router ospf 102
router-id 10.186.250.31
redistribute connected metric 7100 metric-type 1 subnets tag 2002 route-map RedistributeConnected_RM
redistribute ospf 1 metric 7100 metric-type 1 subnets tag 2002 route-map Prio1PrefixFiltering_RM
network 10.186.248.0 0.0.7.255 area 0
!
router bgp 65001
bgp log-neighbor-changes
neighbor 100.1.0.1 remote-as 12956
neighbor 100.1.0.1 update-source Tunnel2001
neighbor 100.2.0.1 remote-as 12956
neighbor 100.2.0.1 update-source Tunnel2002
!
address-family ipv4
redistribute connected route-map Management_Loopback_RM
neighbor 100.1.0.1 activate
neighbor 100.1.0.1 route-map Management_Loopback_RM out
neighbor 100.2.0.1 activate
neighbor 100.2.0.1 route-map Management_Loopback_RM out
exit-address-family
!
ip forward-protocol nd
ip ftp source-interface Loopback600
no ip http server
ip http authentication local
no ip http secure-server
ip tftp source-interface Loopback600
ip route vrf INET 0.0.0.0 0.0.0.0 Cellular0/2/0
ip tacacs source-interface Loopback600
ip ssh time-out 60
ip ssh logging events
ip ssh version 2
ip scp server enable
!
ip bgp-community new-format
!
!
ip access-list extended PublicWanFilter_AL
permit gre any any
permit esp any any
permit udp any eq isakmp any
permit icmp any any echo
permit icmp any any echo-reply
permit icmp any any time-exceeded
permit icmp any any administratively-prohibited
permit udp any any eq non500-isakmp
permit udp any eq non500-isakmp any
permit udp any any eq isakmp
deny ip any any
ip access-list extended RedirectedTraffic_AL
permit ip any any dscp af13
!
!
ip prefix-list Connected_PL seq 10 permit 10.188.0.254/32
ip prefix-list Connected_PL seq 20 permit 10.178.213.0/24
!
ip prefix-list DomDmvpnAddressing_PL seq 10 permit 10.185.248.0/21
ip prefix-list DomDmvpnAddressing_PL seq 20 permit 10.186.248.0/21
!
ip prefix-list Loopback_DMVPN seq 10 permit 10.188.0.254/32
!
ip prefix-list Management_Loopback_PL seq 10 permit 10.188.0.254/32
ip sla responder
logging source-interface Loopback600
logging host 213.140.34.58
logging host 10.42.8.38
dialer watch-list 1 ip 5.6.7.8 0.0.0.0
dialer watch-list 1 delay route-check initial 60
dialer-list 1 protocol ip permit
!
!
route-map DomDmvpnFiltering_RM deny 10
description [Filter domestic DMVPN addressing]
match ip address prefix-list DomDmvpnAddressing_PL
!
route-map DomDmvpnFiltering_RM permit 30
description [Allow the rest of the prefixes]
!
route-map ClearRedirectedMark_RM permit 10
description [Change af13 = Dscp14 to af11 to clean the redirected mark]
match ip address RedirectedTraffic_AL
set ip tos max-throughput
!
route-map Management_Loopback_RM permit 10
description [Allow redistribution of the loopback address]
match ip address prefix-list Management_Loopback_PL
!
route-map Prio1PrefixFiltering_RM deny 20
description [Filter redistributed routes from MPLS router]
match tag 1000 1001 1002 1003 1004 1005 2002 2003 3000 3001
!
route-map Prio1PrefixFiltering_RM permit 30
description [Allow the rest of the routes]
!
route-map RedistributeConnected_RM permit 10
description [To filter loopback DMVPN in MPLS network]
match ip address prefix-list Loopback_DMVPN
set tag 3000
!
route-map RedistributeConnected_RM permit 20
description [Allow redistribution of LAN and loopback prefixes]
match ip address prefix-list Connected_PL
!
route-map RedistributeLoopback_RM permit 10
description [Allow redistribution of loopback prefixes]
match ip address prefix-list Loopback_DMVPN
set tag 3000
!
!
!
control-plane
!
line con 0
transport input none
stopbits 1
line vty 0 4
access-class RemoteAccess_AL in vrf-also
exec-timeout 30 0
privilege level 15

logging synchronous
login authentication administrator
transport input telnet ssh
line vty 5 15
access-class RemoteAccess_AL in vrf-also
exec-timeout 30 0
privilege level 15
logging synchronous
login authentication administrator
transport input telnet ssh
!
ntp source Loopback600
ntp access-group peer
ntp server 213.140.34.8
wsma agent exec
!
wsma agent config
!
wsma agent filesys
!
wsma agent notify
!
!
end

CMEX-USA-RDURTRDV30#
CMEX-USA-RDURTRDV30#sh ip int brief
Interface IP-Address OK? Method Status Protocol
GigabitEthernet0/0/0 unassigned YES NVRAM administratively down down
GigabitEthernet0/0/1 unassigned YES NVRAM administratively down down
GigabitEthernet0/1/0 unassigned YES unset up up
GigabitEthernet0/1/1 unassigned YES unset down down
GigabitEthernet0/1/2 unassigned YES unset down down
GigabitEthernet0/1/3 unassigned YES unset down down
GigabitEthernet0/1/4 unassigned YES unset down down
GigabitEthernet0/1/5 unassigned YES unset down down
GigabitEthernet0/1/6 unassigned YES unset down down
GigabitEthernet0/1/7 unassigned YES unset down down
Cellular0/2/0 166.252.226.19 YES IPCP up up
Cellular0/2/1 unassigned YES NVRAM administratively down down
Loopback1 1.1.1.1 YES NVRAM up up
Loopback600 10.188.0.254 YES NVRAM up up
Tunnel1 10.185.250.31 YES NVRAM up up
Tunnel2 10.186.250.31 YES NVRAM up up
Tunnel2001 100.1.6.48 YES NVRAM up up
Tunnel2002 100.2.6.48 YES NVRAM up up
Vlan1 10.178.213.1 YES NVRAM up up
CMEX-USA-RDURTRDV30#sh ver

Cisco IOS XE Software, Version 16.08.03
Cisco IOS Software [Fuji], ISR Software (ARMV8EB_LINUX_IOSD-UNIVERSALK9_IAS-M), Version 16.8.3, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2019 by Cisco Systems, Inc.
Compiled Tue 09-Apr-19 15:28 by mcpre

Cisco IOS-XE software, Copyright (c) 2005-2019 by cisco Systems, Inc.
All rights reserved. Certain components of Cisco IOS-XE software are
licensed under the GNU General Public License ("GPL") Version 2.0. The
software code licensed under GPL Version 2.0 is free software that comes
with ABSOLUTELY NO WARRANTY. You can redistribute and/or modify such
GPL code under the terms of GPL Version 2.0. For more details, see the
documentation or "License Notice" file accompanying the IOS-XE software,
or the applicable URL provided on the flyer accompanying the IOS-XE
software.

ROM: IOS-XE ROMMON

CMEX-USA-RDURTRDV30 uptime is 13 minutes
Uptime for this control processor is 15 minutes
System returned to ROM by PowerOn at 18:02:31 UTC Thu Jan 21 2021
System image file is "bootflash:c1100-universalk9_ias.16.08.03.SPA.bin"
Last reload reason: PowerOn

This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

Suite License Information for Module:'esg'

--------------------------------------------------------------------------------
Suite Suite Current Type Suite Next reboot
--------------------------------------------------------------------------------
FoundationSuiteK9 None None None
securityk9
appxk9


Technology Package License Information:

-----------------------------------------------------------------
Technology Technology-package Technology-package
Current Type Next reboot
------------------------------------------------------------------
appxk9 appxk9 Permanent appxk9
securityk9 securityk9 Permanent securityk9
ipbase ipbasek9 Permanent ipbasek9

cisco C1111-8PLTEEA (1RU) processor with 1456824K/6147K bytes of memory.
Processor board ID FGL2450L0M4
1 Virtual Ethernet interface
10 Gigabit Ethernet interfaces
2 Cellular interfaces
32768K bytes of non-volatile configuration memory.
4194304K bytes of physical memory.
2863103K bytes of flash memory at bootflash:.
0K bytes of WebUI ODM Files at webui:.

Configuration register is 0x2102

janis_tel · ‎08-24-2022

Hey did you solved your Problem ? - We are getting the same error..