Wednesday, October 23, 2013

4G HWIC Roaming After Inactivity

We are using the 4G HWIC in the Cisco 2900 ISR routers for backup WAN connectivity via VPN tunnel. We have built EEM scripts that enable the cellular interface when the primary ISP (interface) fails.

Working cellular status:

Radio Information
=================
Radio power mode = ON
Current RSSI = -64 dBm
LTE Technology Preference = LTE
LTE Technology Selected = LTE


After around 7-10 days the cellular card starts to roam as if the card is hibernating.

Radio Information
=================
Radio power mode = ON
Current RSSI = -125 dBm
LTE Technology Preference = LTE
LTE Technology Selected = LTE


The only way I have found so far to fix the problem is to power cycle the router. This will not work as a solution. We have tried shutting down the cellular interface, but that does not work, and you cannot reset the radio from the IOS commands. We called Verizon to see if the 4G network was blocking me due to inactivity, and they pointed to the cellular card as the problem.

This is a bug in the modem firmware that runs on the HWIC itself. Luckily, new firmware has been released, which you must get from Cisco. Once you load the firmware in flash, the command is (assuming your HWIC is in slot 0):

microcode reload cellular 0 0 modem-provision flash:MC7750_VZW_03.05.10.06_00.cwe


After you upgrade the modem to the new firmware you can get rid of all those EEM scripts. It should run great after this upgrade. We had the exact same problem you have and it fixed issues with a number of sites. The modem will power cycle after the upgrade, so you will lose connectivity, but if the upgrade is successful the connection should nail back up after the power cycle. This problem has plagued us since day one of these LTE HWICs. The minimum IOS to support the new modem firmware is 15.2(4)M3. Make sure you upgrade the IOS first, then the modem.

Citation - This blog post does not reflect original content from the author. Rather it summarizes content that are relevant to the topic from different sources in the web. The sources might include any online discussion boards, forums, websites and others.

Friday, October 11, 2013

How to pass traffic from BGP routing to a VPN destination.


Difficulty with a BGP routing issue. I have 2 routers: router A1 and router A2 are running BGP for the routing connection. We have currently set up a site-to-site VPN from router A2 to router B. Once the VPN connection is established, how do we connect to router B from router A1? Attached diagram below:


It looks right. From this config, you'll be able to get to the shared subnet between A2 and B, but what's on the LAN side for B? You'll need to have a static address for that unless you're going to run a routing protocol. On Router B, you'll need a static route for A1 to point to A2 in order to get return traffic from A1 to B and back.
For example, if your LAN subnet on Router B is 192.168.5.0/24, on A2 you would create a static route:
ip route 192.168.5.0 255.255.255.0  
On Router A2, you're redistributing statics, so A1 would know how to get to B since A2 knows and is advertising that to A1.


Proper HQoS Configuration for ETH + GRE Circuit

A hub location is connected to 2 spoke sites through an L2 cloud with an Ethernet 2M CCT from the carrier (this cloud does not support CoS). The 2 spoke sites have 1M SDSL CCTs (from the same provider).

We have business traffic to be prioritized over the non-corporate traffic. The main traffic flow is outgoing from the hub, and we are using GRE tunnels from the hub to the spokes (one per spoke site) with HQoS applied. The concern is which value to configure for shaping (per tunnel) so that it properly accounts for the GRE + ETH encapsulation overhead and avoids exceeding the 2M of bandwidth contracted with the carrier (and consequently drops at their PE).



My belief is most Cisco shapers don't account for L2 overhead. So, you need to allow for that if the shaper doesn't. Unfortunately, L2 overhead, as a percentage, varies per packet size. You might shape for worst percentage or average percentage. What to allow for depends on just how critical correct QoS operation is. For example, if you're dealing with VoIP packets, you'll probably want to allow more toward the worst-case percentage.

If your DSL is using PPPoE, also don't forget to allow for the 8 bytes used by it.

Whether you need to also account for GRE overhead would, I believe, depend on whether your shaper is configured on the tunnel interface or on the physical interface. Like L2 overhead, GRE, as a percentage, would vary per packet size. With GRE you also have the chance of fragmentation, although if your device supports it (and it's enabled), ip tcp adjust-mss should preclude it (at least for TCP packets).
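The allowance described in the reply above, worked through as an added example (not part of the original post and not Cisco code). It assumes the carrier counts the 14-byte Ethernet header plus 4-byte FCS on untagged frames, that GRE runs over IPv4 with no key or sequence options (24 bytes), and that the shaper counts only the packet as it sees it; the packet sizes and mixes are constructed.

```python
# Added example: largest shaper rate that keeps on-the-wire load within a contract.
ETH_OVERHEAD = 18    # assumption: carrier counts 14-byte header + 4-byte FCS, untagged
GRE_OVERHEAD = 24    # 20-byte outer IPv4 header + 4-byte GRE header, no options
PPPOE_OVERHEAD = 8   # the 8 bytes the text mentions for PPPoE


def uncounted_overhead(shaper_on_tunnel, pppoe=False):
    """Bytes added to each packet after the point where the shaper measures it."""
    overhead = ETH_OVERHEAD + (PPPOE_OVERHEAD if pppoe else 0)
    if shaper_on_tunnel:
        # A shaper on the tunnel interface sees the packet before GRE is added.
        overhead += GRE_OVERHEAD
    return overhead


def shape_rate(contract_bps, packet_mix, overhead):
    """Largest shaper rate (bps) whose wire rate stays within contract_bps.

    packet_mix maps packet size in bytes (as seen by the shaper) to its
    share of the packet count; overhead is the per-packet bytes not counted.
    """
    if not packet_mix or any(size <= 0 for size in packet_mix):
        raise ValueError("packet_mix needs at least one positive packet size")
    seen = sum(size * share for size, share in packet_mix.items())
    wire = sum((size + overhead) * share for size, share in packet_mix.items())
    return int(contract_bps * seen / wire)


# Constructed traffic profiles: worst case, best case, and an average.
PROFILES = {
    "small packets (60 B, VoIP-like)": {60: 1.0},
    "large packets (1400 B)": {1400: 1.0},
    "50/50 mix of both": {60: 0.5, 1400: 0.5},
}

if __name__ == "__main__":
    contract = 2_000_000  # the 2M Ethernet circuit from the question
    for on_tunnel in (True, False):
        where = "tunnel" if on_tunnel else "physical"
        oh = uncounted_overhead(on_tunnel)
        for name, mix in PROFILES.items():
            rate = shape_rate(contract, mix, oh)
            print(f"shaper on {where:8} | {name:32} | shape <= {rate} bps")
```

The spread between the small-packet and large-packet rows is the "worst percentage versus average percentage" choice from the reply: shaping to the small-packet figure never exceeds the contract but leaves bandwidth unused when packets are large.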



Monday, October 7, 2013

SSH across management Interface in our new Cisco ASR 1004.

Trying to configure persistent SSH across the management interface in our new Cisco ASR 1004 platforms. It seems to work fine; however, when we try to SSH to the management interface:

1. TACACS+ authentication doesn't work. Only local authentication (usernames configured locally) works with persistent SSH. Looking at the ASR 1004 user guide, AAA is not supported over a management interface configured for persistent SSH. OK, that's clear to me.

2. The SSH session is stuck waiting for a free TTY line, but I'm the only one trying to access it? I only get into the router using persistent SSH in diag mode, by pressing Ctrl+C or Ctrl+Shift+6, but as you know, in diag mode we won't obtain full vty line capabilities. Does anybody know why we don't obtain TTY line access using persistent SSH?

This is our config:

transport-map type persistent ssh sshmg
rsa keypair-name ASR_CBR4.elcorteingles.es
transport interface GigabitEthernet0
banner wait "*** WAITING FOR VTY LINE - CBR4***"
banner diagnostic "***DIAGNOSTIC MODE - CUBR4***"
connection wait allow interruptible
transport type persistent ssh input sshmg


Below link has the details for the SSH handling

You MUST use local authentication to work with Persistent SSH.




Saving all routers configuration by one command in GNS3


When working with GNS you need to save the configuration on each device separately, so that it can be saved as a file in GNS on exit. I approached this problem as follows:

Given: a virtual GNS topology (CCNP-CCIE) of 12 routers.
Model of all routers: 2691.
Version: (C2691-ADVENTERPRISEK9-M), Version 12.4 (23)

I created an additional router called SAVER (IP 10.100.100.1) and connected it to a GNS pseudo network switch via FastEthernet. Next, all 12 routers were connected to this switch. I set up IP addressing so that all the routers could see the 10.100.100.1 IP address. Only ICMP traffic is allowed within this network. Next, on each of the 12 routers we enter the following commands (the example is for one of the routers, since the rest are all identical):


! Enable console output of the monitor reactions
ip sla monitor logging traps
ip sla monitor reaction-configuration 1 connection-loss-enable timeout-enable threshold-falling 5000 action-type trapOnly
! Create a monitor
ip sla monitor 1
! Use the IP address of the SAVER router; the timeout and sending frequency can be tuned as needed
 type echo protocol ipIcmpEcho 10.100.100.1
 timeout 250
 frequency 2
! Launch the monitor
ip sla monitor schedule 1 life forever start-time now


Next, create an applet that will save the configuration based on the response of the monitor:

event manager applet saving
! If the following message appears, perform the actions
 event syslog pattern "%RTT-4-OPER_TIMEOUT"
 action 1 cli command "enable"
 action 2 cli command "write"
! At the end, display a message on the console
 action 3 syslog msg "Configuration Successfully Saved. You can save GNS project and close it"

Next, on the SAVER router, create an applet that will provoke the message "%RTT-4-OPER_TIMEOUT" on the other routers:

event manager applet saver
! Run the applet when the save command is entered
event cli pattern "save" sync yes
action 1.1 cli command "enable"
action 1.2 cli command "conf t"
! In my case, I used Fa0/0; you can use your own interface
action 1.3 cli command "interface Fa0/0"
action 1.4 cli command "shutdown"
! Because my version of IOS has no wait command, I stall for time by generating syslog messages. The lower the frequency of ICMP probes on the other routers, the longer you need to stall for the monitor to trigger.
action 2.10 syslog msg "Saving Configuration Please Wait"
action 2.11 syslog msg "Saving Configuration Please Wait"
action 2.12 syslog msg "Saving Configuration Please Wait"
action 2.13 syslog msg "Saving Configuration Please Wait"
action 2.14 syslog msg "Saving Configuration Please Wait"
action 2.15 syslog msg "Saving Configuration Please Wait"
action 2.16 syslog msg "Saving Configuration Please Wait"
action 2.17 syslog msg "Saving Configuration Please Wait"
action 2.18 syslog msg "Saving Configuration Please Wait"
action 2.19 syslog msg "Saving Configuration Please Wait"
action 2.20 syslog msg "Saving Configuration Please Wait"
action 2.21 syslog msg "Saving Configuration Please Wait"
action 3.4 cli command "no shutdown"
action 3.5 cli command "end"
action 3.6 cli command "write"


Result: enter the command save, and after 1-2 seconds, all configurations are stored on your routers.
If you are using TACACS then you need to specify the Event Manager user who has privileges.
If you do not have free FastEthernet interfaces on routers, we can arrange it all through routing, but it can create some problems.

Yes, you're right, GNS3 will save the startup config, and if you don't copy the running config to startup then GNS3 will do nothing for you. EEM script, but why not use a script with PuTTY to send the wr command to all routers and run a cron job for this script? Wouldn't it be simpler?
It works with SSH; in the batch file:
D:\name\Desktop\putty.exe -ssh -l alain   -pw cisco -m D:\name\Desktop\test.txt  192.168.10.254
And on the router:
line vty 0 15
login local
privilege level 15

