USB 2 serial

Cisco USB console port:

http://www.cisco.com/c/en/us/td/docs/routers/asr920/hardware/installation/guide/ASR920_HIG/hw_installation.html#pgfId-1281737

OTOH, Fig. 3-23 suggests that there is a “real” USB host port (the “EIA Console Port”) which might be able to drive a USB-to-serial, if it’s the right now – if it can be used to connect a modem, it can be used to connect to a console server.  But I’d assume that it only works with a Cisco Certified USB To Serial Cable, which is made by the Cisco Certified Optics Department and appropriately priced.

There are 4 USB ‘ports’ on the ASR920:

‘USB MEM’ – This is for a USB memory stick.

‘USB CON’ – This is the Type-A USB port.

‘AUX CON’ – I had thought this is for a USB modem?

‘CONSOLE’ – This is the EIA connection. I tried connecting my USB-to-Serial adapter to this, too, but no luck.

http://www.cisco.com/c/en/us/td/docs/routers/asr920/hardware/installation/guide/ASR920_HIG/troubleshooting.html#67599

L2TP PPP login

 

L2TP over IPsec on Cisco IOS

! Enable L2TP
! - Connect VPN clients to VRF private

! Must use "password" ("secret" won't work)
username roadwarrior password 0 <removed>

aaa authentication ppp l2tp-auth local-case

ip local pool l2tp-pool 10.1.11.100 10.1.11.199

vpdn enable

interface Virtual-Template1
 ip unnumbered Loopback0
 peer default ip address pool l2tp-pool
 ppp mtu adaptive
 ppp authentication ms-chap-v2 l2tp-auth
!

vpdn-group l2tp-group
 ! Default L2TP VPDN group
 description L2TP clients
 accept-dialin
  protocol l2tp
  virtual-template 1
!
no l2tp tunnel authentication
!

! ISAKMP policy:
! - OS X offers aes 256 and 128 (but not 192)
! - SHA1 is the default hash on Cisco IOS (does not show up in config)
! - OS X doesn't offer any of the PFS groups

crypto isakmp policy 50
 encr aes 256
 authentication pre-share
 group 2
 lifetime 14400
!

! Internet is connected to VRF cable
crypto keyring l2tp-ring vrf cable
  pre-shared-key address 0.0.0.0 0.0.0.0 key <removed>
!

! IPsec policy
! - Match OS X proposal

crypto ipsec transform-set l2tp-transform esp-aes 256 esp-sha-hmac
 mode transport
!

! Require IPsec for all L2TP traffic
! 

ip access-list extended l2tp-access
 permit udp any eq 1701 any
!

crypto dynamic-map l2tp-map 10
 set nat demux
 set transform-set l2tp-transform
 match address l2tp-access
!

crypto map l2tp 10 ipsec-isakmp dynamic l2tp-map

interface Vlan6
 crypto map l2tp
!
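A small review aid for the configuration above, added here as an example and not part of the original notes: it flags the lines a security reviewer would question (clear-text type 0 password, disabled L2TP tunnel authentication, a small IKE Diffie-Hellman group, a wildcard pre-shared key). The sample text is a constructed excerpt with placeholder secrets, and the finding names are illustrative.

```python
import re

# Constructed excerpt of the configuration above; secrets are placeholders.
SAMPLE_CONFIG = """\
username roadwarrior password 0 EXAMPLE-PASSWORD
vpdn-group l2tp-group
 accept-dialin
  protocol l2tp
  virtual-template 1
!
no l2tp tunnel authentication
crypto isakmp policy 50
 encr aes 256
 authentication pre-share
 group 2
 lifetime 14400
crypto keyring l2tp-ring vrf cable
  pre-shared-key address 0.0.0.0 0.0.0.0 key EXAMPLE-PSK
"""

# (finding id, pattern, reason); review notes, not a complete hardening baseline.
CHECKS = [
    ("cleartext-password", r"^username \S+ password 0 ",
     "type 0 password is stored in clear text in the configuration"),
    ("no-l2tp-tunnel-auth", r"^no l2tp tunnel authentication$",
     "L2TP tunnel authentication is off; peers are checked only by IKE and PPP"),
    ("weak-dh-group", r"^group (1|2|5)$",
     "IKE Diffie-Hellman group has a modulus of 1536 bits or less"),
    ("wildcard-psk", r"^pre-shared-key address 0\.0\.0\.0 0\.0\.0\.0 ",
     "one pre-shared key is accepted from any peer address"),
]

def audit(config):
    """Return (line number, finding id, reason) for each flagged line."""
    findings = []
    for lineno, raw in enumerate(config.splitlines(), start=1):
        line = raw.strip()
        if line.startswith("!"):  # IOS comment or separator line
            continue
        for finding_id, pattern, reason in CHECKS:
            if re.search(pattern, line):
                findings.append((lineno, finding_id, reason))
    return findings

if __name__ == "__main__":
    for lineno, finding_id, reason in audit(SAMPLE_CONFIG):
        print(f"line {lineno}: {finding_id}: {reason}")
```

The clear-text password finding is expected with this setup, since the notes state that "secret" does not work for the PPP login; the point of the check is to make that trade-off visible in review.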

 

http://null.53bits.co.uk/index.php?page=pppoe-initial-set-up-with-freeradius-2

http://null.53bits.co.uk/index.php?page=lac-wholesale-pppoa-e-l2tp-tunnelling-with-freeradius-2

http://www.gossamer-threads.com/lists/cisco/bba/182918#182918

https://supportforums.cisco.com/document/9878401/l2tp-over-ipsec-cisco-ios-router-using-windows-8

http://www.cisco.com/c/en/us/support/docs/dial-access/virtual-private-dialup-network-vpdn/9556-basic-vpdn.html

http://www.gossamer-threads.com/lists/cisco/nsp/131855

http://www.cisco.com/c/en/us/td/docs/ios/12_4t/12_4t2/pt_wnlns.html

http://www.networklabs.info/2012/03/cisco-l2tp-dial-in.html

https://www.marc.info/?l=cisco-nsp&m=142683826203087&w=3

L2TP over IPsec on Cisco IOS

http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/vpdn/configuration/xe-3s/vpd-xe-3s-book/vpd-cfg-nas-init-dialin-tunnels.html#GUID-5F599546-5296-4037-93CA-C284D54C9426

http://www.openl2tp.org/pipermail/openl2tp-users/2011-March/000939.html

http://blogconfigs.blogspot.nl/2010/07/configure-l2tp-ipsec-vpn-server-on.html

http://www.cisco.com/c/en/us/support/docs/dial-access/virtual-private-dialup-network-vpdn/23980-l2tp-23980.html#t4

http://www.cisco.com/c/en/us/td/docs/routers/asr1000/configuration/guide/chassis/asrswcfg/scaling.html#pgfId-1121164

http://www.cisco.com/c/en/us/products/collateral/routers/asr-1000-series-aggregation-services-routers/datasheet-c78-731640.html

http://www.cisco.com/c/en/us/td/docs/security/asa/asa80/configuration/guide/conf_gd/l2tp_ips.html#wp1046219

http://windowsitpro.com/networking/pptp-vs-l2tp

https://www.ivpn.net/pptp-vs-l2tp-vs-openvpn

http://strongvpn.com/forum/viewtopic.php?id=2234

Configuring DSL (ISP & Customer Side)

https://supportforums.cisco.com/document/30416/pppoe-over-l2tp-lns-configuration-and-troubleshooting

http://www.gossamer-threads.com/lists/cisco/nsp/131855

Cisco VRF aware NAT

http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipaddr_nat/configuration/xe-3s/asr1000/nat-xe-3s-asr1k-book/iadnat-addr-consv.html


 

 

http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipaddr_nat/configuration/xe-3s/asr1000/nat-xe-3s-asr1k-book/iadnat-mpls-vpn.html#GUID-FBFD3D36-C8AC-4F86-A0B3-D5026D1AB646

http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipaddr_nat/configuration/xe-3s/asr1000/nat-xe-3s-asr1k-book/iadnat-mpls-vpn.html#GUID-15FFAA73-EA24-4D0E-A9BA-108D9C10261A

https://sites.google.com/site/amitsciscozone/home/mpls/vrf-aware-nat

http://www.cisco.com/c/en/us/support/docs/ip/network-address-translation-nat/112084-ios-nat-mpls-vpn-00.html#egresspenat2

 

 

http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_data_zbf/configuration/xe-3s/asr1000/sec-data-zbf-xe-asr1k-book/vrf-aware-fw.html#GUID-0457B1D0-6162-49F7-9431-1BC7B2F4E3F2

 

Nat Virtual Interfaces

VRFing 103, Using NAT Virtual Interfaces for Global Reachability

VRFing 102, Providing Internet Access With Dynamic PAT

NVI between VRFs
http://serverfault.com/questions/516979/cisco-1921-using-nat-nvi-method-between-vrfs-slow-performance

Old VRF aware NAT config
https://sites.google.com/site/amitsciscozone/home/mpls/vrf-aware-nat

VPDN (PPTP) config guide

! Required command; without it the PPTP client protocol is not offered as an option!
!
service internal

!
vpdn enable
!
vpdn-group PPTP-client
 request-dialin
  protocol pptp
  pool-member 99
 initiate-to ip < VPDN IP address >
!
interface Dialer99
 ip address negotiated
 encapsulation ppp
 dialer pool 99
 dialer idle-timeout 0
 dialer string 1
 dialer persistent
 dialer vpdn
 ppp authentication chap callin
 ppp chap hostname < USERNAME >
 ppp chap password < PASSWORD >
!
ip route 0.0.0.0 0.0.0.0 Dialer99
ip route < VPDN IP address > 255.255.255.255 < OUTGOING INTERFACE >

 


Background

http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/vpdn/configuration/xe-3s/asr1000/vpd-xe-3s-asr1000-book/mp-mngd-ipv6-lns-xe.html#GUID-C52024B2-2F98-46FC-8C5F-29BBD002280E

Cisco 819-LTE (KPN 4G/LTE)

Working config for a Cisco 819-4G (LTE) with KPN mobile.

Start by configuring the cellular modem. This must be done directly in enable mode, not in configuration mode (so not after conf t).

Set the region to Europe:

cellular 0 lte prl-region 1

Optionally, restrict the modem to LTE-only mode:

cellular 0 lte technology lte

Activate the SIM (where XYZ is the SIM PIN):

cellular 0 lte sim unlock XYZ

Check:

Locked:

Router#sh cellular 0 security 
Active SIM = 0
SIM switchover attempts = 0
Card Holder Verification (CHV1) = Enabled
SIM Status = Locked
SIM User Operation Required = Enter CHV1
Number of CHV1 Retries remaining = 3

Unlocked:

Router#sh cellular 0 security 
Active SIM = 0
SIM switchover attempts = 0
Card Holder Verification (CHV1) = Disabled
SIM Status = OK
SIM User Operation Required = None
Number of CHV1 Retries remaining = 3

 

To check that the SIM is connected to the mobile network, send an SMS:

cellular 0 lte sms send 061234567 hallo

Create a profile for the data APN:

cellular 0 lte profile create 1 KPN4G.nl none

Profile 1 is bound to Cellular 0 by default and is used when the radio is up.

To check that the radio and the SIM are registered:

sh cellular 0 radio

4G#sh cellular 0 radio
Radio power mode = ON
Channel Number = 6400
Current Band = LTE
Current RSSI = -80 dBm
Current RSRP = -100 dBm
Current RSRQ = -4 dB
Current SNR = 14.6 dB
Radio Access Technology(RAT) Preference = LTE
Radio Access Technology(RAT) Selected = LTE

And to check that the radio sees the network correctly:

sh cellular 0 network

4G#sh cellular 0 network
Current System Time = Sun Jan 6 0:13:57 1980
Current Service Status = Normal
Current Service = Packet switched
Current Roaming Status = Home
Network Selection Mode = Automatic
Network = KPN
Mobile Country Code (MCC) = 204
Mobile Network Code (MNC) = 8
Packet switch domain(PS) state = Attached
Registration state(EMM) = Registered
Tracking Area Code (TAC) = 60501
Cell ID = 9574667

 

Below is the IOS configuration, in which interface Vlan1 is used as the inside interface with NAT and the IP range 192.0.200.0/24.

!
controller Cellular 0
 lte sim authenticate 0 0000
 lte sim data-profile 1 attach-profile 1 slot 0
 lte modem link-recovery rssi onset-threshold -110
 lte modem link-recovery monitor-timer 60
 lte modem link-recovery wait-timer 10
 lte modem link-recovery debounce-count 6
!
interface Cellular0
 ip address negotiated
 no ip unreachables
 ip nat outside
 ip virtual-reassembly in
 encapsulation slip
 dialer in-band
 dialer idle-timeout 0
 dialer enable-timeout 60
 dialer string lte
 async mode interactive
 routing dynamic
!
interface Vlan1
 ip address 192.0.200.254 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
!
ip nat inside source list NAT interface Cellular 0 overload
ip route 0.0.0.0 0.0.0.0 Cellular0
!
ip access-list extended NAT
 permit ip 192.0.200.0 0.0.0.255 any
!
line 3
 script dialer lte
 modem InOut
 no exec
 transport input telnet
 transport output all
 rxspeed 100000000
 txspeed 50000000
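The three verification steps above (SIM status, radio, network registration) combined into one readiness check, as an added example that is not part of the original notes. It also compares the reported RSSI with the link-recovery onset threshold from the controller configuration; the sample strings are constructed from the outputs shown above, and the function names are illustrative.

```python
import re

# Constructed sample: lines taken from the three show outputs above, prompts removed.
SAMPLE_SHOW = """\
SIM Status = OK
Current RSSI = -80 dBm
Packet switch domain(PS) state = Attached
Registration state(EMM) = Registered
"""
# Constructed sample: the threshold line from the controller configuration above.
SAMPLE_CONFIG = "lte modem link-recovery rssi onset-threshold -110\n"

# Values the verification steps above look for.
EXPECTED = {
    "SIM Status": "OK",
    "Packet switch domain(PS) state": "Attached",
    "Registration state(EMM)": "Registered",
}

def parse_show(text):
    """Collect the 'Key = value' lines of show cellular output into a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(" = ")
        if sep:  # prompt lines and blank lines have no ' = ' and are skipped
            fields[key.strip()] = value.strip()
    return fields

def readiness(show_text, config_text):
    """Return a list of problems; an empty list means the modem looks ready."""
    fields = parse_show(show_text)
    problems = [f"{key} is {fields.get(key)!r}, expected {want!r}"
                for key, want in EXPECTED.items() if fields.get(key) != want]
    rssi = re.match(r"(-?\d+) dBm$", fields.get("Current RSSI", ""))
    onset = re.search(r"link-recovery rssi onset-threshold (-?\d+)", config_text)
    if rssi is None:
        problems.append("Current RSSI is missing")
    elif onset and int(rssi.group(1)) < int(onset.group(1)):
        problems.append(f"RSSI {rssi.group(1)} dBm is below the link-recovery "
                        f"onset threshold {onset.group(1)} dBm")
    return problems

if __name__ == "__main__":
    print(readiness(SAMPLE_SHOW, SAMPLE_CONFIG) or "modem ready")
```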

 


Background information

http://www.cisco.com/c/en/us/td/docs/routers/access/interfaces/software/feature/guide/EHWIC-4G-LTESW.html#pgfId-1309655

http://blog.martinshouse.com/2014/09/in-hope-that-it-helps-others-here-is.html
