Cisco 819-LTE (KPN 4G/LTE)
Werkende config voor een Cisco 819-4G (LTE) en KPN mobiel.
Begin met het instellen van het Celluar modem, dit moet direct in de enable modus nog niet in de configure modus (dus niet conf t).
Stel regio in op Europe:
cellular 0 lte prl-region 1
Optioneel, stel in op alleen LTE modus:
cellular 0 lte technology lte
Activeer de SIM (waarbij de XYZ de SIM pincode is):
cellular 0 lte sim unlock XYZ
Controle:
Locked
Router#sh cellular 0 security Active SIM = 0 SIM switchover attempts = 0 Card Holder Verification (CHV1) = Enabled SIM Status = Locked SIM User Operation Required = Enter CHV1 Number of CHV1 Retries remaining = 3
Unlocked:
Router#sh cellular 0 security Active SIM = 0 SIM switchover attempts = 0 Card Holder Verification (CHV1) = Disabled SIM Status = OK SIM User Operation Required = None Number of CHV1 Retries remaining = 3
Controle of de sim verbonden is met het mobiele netwerk, stuur een SMS;
cellular 0 lte sms send 061234567 hallo
Maak een profile voor de data APN:
cellular 0 lte profile create 1 create KPN4G.nl none
Profile 1 is standaard gekoppeld aan Celluar 0 en word aangesproken als de radio up is.
Om te controleren of de radio en de SIM is aangemeld:
sh celluar 0 radio 4G#sh cellular 0 radio Radio power mode = ON Channel Number = 6400 Current Band = LTE Current RSSI = -80 dBm Current RSRP = -100 dBm Current RSRQ = -4 dB Current SNR = 14.6 dB Radio Access Technology(RAT) Preference = LTE Radio Access Technology(RAT) Selected = LTE
En om te controleren of de radio het netwerk correct ziet:
sh cellular 0 network 4G#sh cellular 0 network
Current System Time = Sun Jan 6 0:13:57 1980 Current Service Status = Normal Current Service = Packet switched Current Roaming Status = Home Network Selection Mode = Automatic Network = KPN Mobile Country Code (MCC) = 204 Mobile Network Code (MNC) = 8 Packet switch domain(PS) state = Attached Registration state(EMM) = Registered Tracking Area Code (TAC) = 60501 Cell ID = 9574667
Onderstaand de IOS configuratie waarbij de interface vlan 1 als interne interface gebruikt word met NAT en ip reeks 192.0.200.0/24.
!
controller Cellular 0
lte sim authenticate 0 0000
lte sim data-profile 1 attach-profile 1 slot 0
lte modem link-recovery rssi onset-threshold -110
lte modem link-recovery monitor-timer 60
lte modem link-recovery wait-timer 10
lte modem link-recovery debounce-count 6
!
interface Cellular0
ip address negotiated
no ip unreachables
ip nat outside
ip virtual-reassembly in
encapsulation slip
dialer in-band
dialer idle-timeout 0
dialer enable-timeout 60
dialer string lte
async mode interactive
routing dynamic
!
interface Vlan1
ip address 192.0.200.254 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
ip nat inside source list NAT interface Cellular 0 overload
ip route 0.0.0.0 0.0.0.0 Cellular0
!
ip access-list extended NAT
permit ip 192.0.200.0 0.0.0.255 any
!
line 3
script dialer lte
modem InOut
no exec
transport input telnet
transport output all
rxspeed 100000000
txspeed 50000000
Achtergrond info
http://blog.martinshouse.com/2014/09/in-hope-that-it-helps-others-here-is.html
Cisco Guide to Harden Cisco IOS Devices
http://www.cisco.com/c/en/us/support/docs/ip/access-lists/13608-21.html
http://tools.cisco.com/security/center/viewAMBAlert.x?alertId=36857
IOS XR primer
And of course, the Master Command Listing for IOS XR was
very helpful too.
Once you have all this down, you can then dig into specific
topics such as RPL, e.t.c.
Here is a good one on RPL.
gives a baseline with some good info as to differences
and then move on to
http://www.cisco.com/c/en/us/support/ios-nx-os-software/ios-xr-software/products-installation-and-configuration-guides-list.html
which gives the in depth topic by topic.
https://supportforums.cisco.com/community/5996/xr-os-and-platforms
Document tab as well as Blog tab will get you expert at IOS-XR in no time.
ciscolive.com pop “IOS-XR” into the search
IPv6 hardening guide for linux servers
A document with the said title, aimed at specific environments (with high security requirements) which are willing to spend significant resources for hardening.
Details can be found at http://www.insinuator.net/2014/12/ipv6-hardening-guide-for-linux-servers/.
Synchronization & Timing Self-Paced Online Bootcamp (Available Now)
– Industrial Solutions: More efficient Manufacturing
– Smart Grid: Replacing legacy Time Distribution with Ethernet
– High Frequency Trading: Regulatory and Market Differentiation
However this topic is being perceived as complex especially if your core expertise is IP networking. Dennis Hagarty from Cisco Systems who is also an industry expert in this area, decided to solve this problem by developing “Synchronization & Timing Self-Paced Bootcamp” which covers technology fundamentals as well as configuration and verification. Complete bootcamp is available on Youtube and has three modules. Below are the Youtube links,
Synchronization & Timing Self-Paced Bootcamp
Playlist: http://youtu.be/N7nTCHxBitU?
Clocking & Sync Part 1/3: TDM and Packet-based Frequency Sync
http://youtu.be/N7nTCHxBitU?
Clocking & Sync Part 2/3: IEEE 1588 and PTPv2
http://youtu.be/250reOmrN70?
Clocking & Sync Part 3/3: Configuration of Clocking and Timing
http://youtu.be/eitxR-_lMxs?
Cisco IOS XR EEM
Hi , I have the below EEM script and am trying to do it using IOS XR
event
manager applet SLA_OUT
event snmp oid 1.3.6.1.4.1.9.9.42.1.2.9.1.6.2 get-type exact entry-op eq entry-val 1 exit-op eq exit-val 2 poll-interval 5
action 1.0 syslog msg “Test”
action 1.1 cli command “enable”
action 1.2 cli command “configure
terminal”
action 1.3 cli command “ip route 0.0.0.0
0.0.0.0 192.168.13.3”
action 1.4 syslog msg “There is a problem on our Primary connection , move all the traffic to the Secondary Line”
event
manager applet SLA_OK
event snmp oid 1.3.6.1.4.1.9.9.42.1.2.9.1.6.2 get-type exact entry-op eq entry-val 2 exit-op eq exit-val 1 poll-interval 5
action 1.0 syslog msg “OK”
action 1.1 cli command “enable”
action 1.2 cli command “configure
terminal”
action 1.3 cli command “no ip route
0.0.0.0 0.0.0.0 192.168.13.3”
action 1.4 syslog msg “Our Primary
connection is functionin again , stop using the Secondary Line”
Carrier Ethernet and Mobile Backhaul Video Tutorials
Carrier Ethernet and Mobile Backhaul Video Tutorials
Cisco has posted Ten New video tutorials on “Carrier Ethernet and Mobile Backhaul” on Cisco SPAG youtube channel.
Link:
http://youtu.be/uKwuge9DQl8?
Topics:
Introduction to ELINE Services
Configuring ELINE Services
Configuring CFNM on ELINE Service
Configuring Two Way Delay Measurement using Y1731PM Introduction to ELAN Services Configuring G8032 in an Access Ring Network Introduction to MPLS in Access Configuring ELAN Service using H-VPLS BGP Auto Discovery Configuring CE2.0 Layer 2 Protocol Forwarding Configuring Unified MPLS Transport
Cisco SPAG Youtube Channel
https://www.youtube.com/
LNS question asr 1002
Take a look on this page (Cisco didn’t update it with new models for a long time ) http://www.cisco.com/c/en/us/
The 1002 is limited to 12K
We didnt test the 1002-x but on a 1004 with ESP-20 and RP2 we cross the 32K L2TP sessions without a problem (48K and even 64K for short time ) but it is not recommended to cross the limits
>
> BTW, any ideas on the first question? 🙂 that is, realistic numbers
> of active broadband users on a 1002 with a 24K license?
>
> > You may actually want to look at summarizing this. The best practice
> would
> > be to have a per-LNS pool (either locally managed or from RADIUS)
> > and advertise the summary from the LNS up to the network.
> > You may need to redistribute also connected routes for “fixed IP”
> services
> > where a user may have a custom IP from the RADIUS.
> >
> > Not summarizing means that every connection (and disconnection) is a
> > BGP update driving your CPU utilization across the BGP domain…
> >> Secondly, how does one handle running two LNS servers? How does the
> >> border router know which edge (LNS) to forward too for a particular
> >> IP?
> >
> > I do it with iBGP where my router is advertising individual /32’s.
> > Yes it makes the route tables longer but it works well in my environment.
> > YMMV.
ME3600 config help, Q in Q
Under each Ethernet service instance you can define the following.
1) What frames arriving from the trunk port are to be associated with the particular service instance.
-that is accomplished with the “encapsulation” command.
-in your case “encapsulation dot1q 1048” dictates that service instance 10 will accept only frames with top VLAN tag 1048 followed by any subsequent VLAN tag(s) or data(IP packet).
2) Ingres VLAN tag manipulation removing, adding or translating 1 or 2 topmost tags.
-that is accomplished with the “rewrite” command.
-in your case pop-ing the first/single topmost VLAN tag.
3) Bridging operation aka what to do next with the frame (complete frame i.e. data and possibly adjacent/remaining VLAN tags).
-that is accomplished with the “bridge-domain” command.
– in your case the frame ends within bridge-domain 10.
IP interface for bridge-domain 10 is interface vlan 10.
But as Pshem already mentioned IP operation can be done only on untagged frames.
Though I don’t understand, how the service is supposed to operate, from your other email.
Because if the provider is creating a platform for the hub and spoke setup than they are responsible for pop-ing the top tag 1048.
>
> I am trying to configure an interface on a ME3600 to accept Q in Q
> from a provider. The p-vlan the provider is using is 1048 and they are
> carrying customer vlans (c-vlan) 1058-1098, one from each site. I’m
> new to the 3600 and have not done Q in Q on it yet. I’ve worked up
> this much of the config but it does not seem right. Can anyone give me
> some pointers or links to help me along ? I’ve only got one customer site configed, there will be 14.
>
>
> !
> vlan 1048
> name WINDSTREAM
> !
> vlan 1058
> name WINDSTREAM-HOBBS
> !
> interface GigabitEthernet0/6
> description Windstream VLS IP.LVXX.xxxxxx..WCI.001 port-type nni
> switchport trunk allowed vlan none switchport mode trunk service
> instance
> 10 ethernet
> encapsulation dot1q 1048
> rewrite ingress tag pop 1 symmetric
> bridge-domain 10
> !
> !
> interface Vlan1048
> description Windstream VLS
> no ip address
> !
> interface Vlan1058
> description WINDSTREAM-HOBBS
> ip address xxx.xx.xx.1 255.255.255.0
>
>
>
> Thanks,
>
> James