Blogs

Working NZ Fibre UFB Cisco Router Configuration

This config is based on SNAP as the ISP and Cisco IOS version 15.1.
You will need to update anything marked "###REMOVED###" and create your own access lists.

version 15.1
service nagle
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone year
service timestamps log datetime msec localtime show-timezone year
service password-encryption
service sequence-numbers
no service dhcp
!
hostname ###REMOVED###
!
boot-start-marker
warm-reboot
boot-end-marker
!
!
logging buffered 2048000
logging rate-limit 200 except notifications
no logging console
no logging monitor
enable secret ###REMOVED###
!
!
!
clock timezone NZST 12 0
clock summer-time NZDT recurring last Sun Sep 2:00 1 Sun Apr 3:00
errdisable recovery cause udld
errdisable recovery cause bpduguard
errdisable recovery cause rootguard
errdisable recovery cause pagp-flap
errdisable recovery cause dtp-flap
errdisable recovery cause link-flap
errdisable recovery interval 30
!
dot11 syslog
no ip source-route
!
!
ip cef
!
!
!
no ip bootp server
ip domain name ###REMOVED###
ip name-server ###REMOVED###
ip inspect name firewall tcp router-traffic
ip inspect name firewall udp router-traffic
ip inspect name firewall h323
ip inspect name firewall rcmd
ip inspect name firewall realaudio
ip inspect name firewall streamworks
ip inspect name firewall vdolive
ip inspect name firewall sqlnet
ip inspect name firewall tftp
ip inspect name firewall ftp
ip inspect name firewall icmp
ip inspect name firewall sip
ip inspect name firewall fragment maximum 256 timeout 1
ip inspect name firewall rtsp
ip inspect name firewall pptp
ip inspect name firewall ntp
ip inspect name firewall dns
ip inspect name firewall sip-tls
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
voice-card 0
!
!
!
!
!
license udi pid CISCO2821 sn ###REMOVED###
archive
 log config
  logging enable
  logging size 200
  notify syslog contenttype plaintext
  hidekeys
 path flash:archived-config
 write-memory
file verify auto
!
no spanning-tree vlan 1
no spanning-tree vlan 10
!
username ###REMOVED### privilege 15 secret ###REMOVED###
!
redundancy
!
!
ip tcp selective-ack
ip tcp timestamp
ip tcp synwait-time 15
ip tcp path-mtu-discovery
ip ssh version 2
!
!
interface GigabitEthernet0/0
 description $Firewall_INSIDE$
 ip address ###REMOVED### ###REMOVED###
 ip access-group 102 in
 ip flow ingress
 ip nat inside
 ip inspect firewall out
 ip virtual-reassembly in
 ip tcp adjust-mss 1452
 load-interval 30
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 description TO:ChorusONT
 bandwidth inherit 100000
 no ip address
 load-interval 30
 duplex auto
 speed auto
 no cdp enable
!
interface GigabitEthernet0/1.10
 description UFB-VLAN10
 encapsulation dot1Q 10
 pppoe enable group global
 pppoe-client dial-pool-number 1
 no cdp enable
!
interface FastEthernet0/0/0
 description SHUTDOWN
 no ip address
 shutdown
!
interface FastEthernet0/0/1
 description SHUTDOWN
 no ip address
 shutdown
!
interface FastEthernet0/0/2
 description SHUTDOWN
 no ip address
 shutdown
!
interface FastEthernet0/0/3
 description SHUTDOWN
 no ip address
 shutdown
!
interface Vlan1
 no ip address
!
interface Dialer0
 mtu 1492
 bandwidth inherit 100000
 ip address negotiated
 ip access-group 101 in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip inspect firewall out
 ip virtual-reassembly in
 encapsulation ppp
 load-interval 30
 dialer pool 1
 dialer idle-timeout 0
 dialer persistent
 dialer-group 1
 ppp authentication pap callin
 ppp eap refuse
 ppp chap refuse
 ppp ms-chap refuse
 ppp ms-chap-v2 refuse
 ppp pap sent-username ###REMOVED###@snap.net.nz password ###REMOVED###
 ppp ipcp dns request
 ppp ipcp route default
 no cdp enable
!
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip flow-top-talkers
 top 50
 sort-by bytes
 cache-timeout 3600000
!
ip nat inside source route-map NONAT interface Dialer0 overload
ip route 0.0.0.0 0.0.0.0 Dialer0
ip route 10.0.0.0 255.0.0.0 Null0
ip route 127.0.0.0 255.255.255.0 Null0
ip route 169.254.0.0 255.255.0.0 Null0
ip route 172.16.0.0 255.240.0.0 Null0
ip route 192.0.2.0 255.255.255.0 Null0
ip route 192.168.0.0 255.255.0.0 Null0
ip route 198.18.0.0 255.254.0.0 Null0
!
ip access-list logging interval 10
access-list 101 ###REMOVED###
access-list 102 ###REMOVED###
access-list 105 deny   ip 10.0.0.0 0.255.255.255 10.0.0.0 0.255.255.255
access-list 105 permit ip 10.0.0.0 0.255.255.255 any
dialer-list 1 protocol ip permit
!
!
!
!
route-map NONAT permit 10
 match ip address 105
!
!
control-plane
!
!
!
mgcp profile default
!
!
banner exec ^

HOSTNAME: $(hostname).$(domain)
VTY LINE: $(line)
+----------------------------------------------------------------------+
|                                                                      |
|                            |            |                            |
|                           |||          |||                           |
|                         .|||||.      .|||||.                         |
|                      .:|||||||||:..:|||||||||:.                      |
|                       C i s c o  S y s t e m s                       |
|                                                                      |
|                                                                      |
| Site:       ###REMOVED###                                            |
| Model:      ###REMOVED###                                            |
| Installed:  ###REMOVED###                                            |
|                                                                      |
+----------------------------------------------------------------------+

^
banner login ^
!

+----------------------------------------------------------------------+
|                                                                      |
|                      THIS DEVICE IS MONITORED!!!                     |
|                                                                      |
|            This Device is managed by ###REMOVED###                   |
|                                                                      |
|     ** Access to this system is PROHIBITED unless AUTHORISED **      |
|          If you are not authorised please disconnect now.            |
|    If you fail to disconnect now you may be prosecuted under the     |
|     Crimes Amendment Act 2003 section 252 under New Zealand law.     |
|                                                                      |
+----------------------------------------------------------------------+

^
!
line con 0
 logging synchronous
 login authentication LOGIN
 width 200
 international
 stopbits 1
line aux 0
line vty 0 4
 access-class 2 in
 exec-timeout 60 0
 logging synchronous
 login authentication LOGIN
 length 0
 width 200
 international
 transport input ssh
!
scheduler allocate 20000 1000
ntp logging
ntp update-calendar
ntp server ###REMOVED###
end

MRTG Configuration for Cisco CPU & Memory Utilisation

Below are the MRTG configurations for Cisco 2821 and Cisco 887VA routers.

This configuration should also work on other Cisco routers, but you may need to edit the SNMP OID to match your particular device.

 

Cisco 2821

  • CPU

Target[cisco2821_CPU]: 1.3.6.1.4.1.9.9.109.1.1.1.1.8.1&.1.3.6.1.4.1.9.9.109.1.1.1.1.8.1:communityname@hostname
Title[cisco2821_CPU]: ###REMOVED### - CPU Utilisation
PageTop[cisco2821_CPU]: <H1>###REMOVED### - CPU Utilisation</H1>
YLegend[cisco2821_CPU]: CPU Utilisation
ShortLegend[cisco2821_CPU]: %
MaxBytes[cisco2821_CPU]: 100
Directory[cisco2821_CPU]: ###REMOVED###
Options[cisco2821_CPU]: nopercent, gauge, unknaszero, growright
Unscaled[cisco2821_CPU]: dwmy
Legend1[cisco2821_CPU]: ###REMOVED### - CPU Utilisation
Legend2[cisco2821_CPU]: .
Legend3[cisco2821_CPU]: Max value per interval on graph
Legend4[cisco2821_CPU]: .
LegendI[cisco2821_CPU]: CPU:
LegendO[cisco2821_CPU]: .
Colours[cisco2821_CPU]: GREEN#00eb0c,BLUE#0000ff,GRAY#AAAAAA,VIOLET#ff00ff
WithPeak[cisco2821_CPU]: ymw

  • Memory

Target[cisco2821_Memory]:1.3.6.1.4.1.9.9.48.1.1.1.5.1&.1.3.6.1.4.1.9.9.48.1.1.1.6.1:communityname@hostname
Title[cisco2821_Memory]: ###REMOVED### - Memory
PageTop[cisco2821_Memory]: <H1>###REMOVED### - Memory</H1>
MaxBytes[cisco2821_Memory]: 512000000
Directory[cisco2821_Memory]: ###REMOVED###
Unscaled[cisco2821_Memory]: dwmy
Options[cisco2821_Memory]: gauge, nopercent, unknaszero, growright
YLegend[cisco2821_Memory]: Bytes
ShortLegend[cisco2821_Memory]: Bytes
Legend1[cisco2821_Memory]: Used
Legend2[cisco2821_Memory]: Free
Legend3[cisco2821_Memory]: Max value per interval on graph
Legend4[cisco2821_Memory]: .
LegendI[cisco2821_Memory]: Used
LegendO[cisco2821_Memory]: Free
Colours[cisco2821_Memory]: GREEN#00eb0c,BLUE#0000ff,GRAY#AAAAAA,VIOLET#ff00ff
WithPeak[cisco2821_Memory]: ymw

 

Cisco 887VA

  • CPU

Target[cisco887VA_CPU]: 1.3.6.1.4.1.9.2.1.58.0&.1.3.6.1.4.1.9.2.1.58.0:communityname@hostname
Title[cisco887VA_CPU]: ###REMOVED### - CPU Utilisation
PageTop[cisco887VA_CPU]: <H1>###REMOVED### - CPU Utilisation</H1>
YLegend[cisco887VA_CPU]: CPU Utilisation
ShortLegend[cisco887VA_CPU]: %
MaxBytes[cisco887VA_CPU]: 100
Directory[cisco887VA_CPU]: ###REMOVED###
Options[cisco887VA_CPU]: nopercent, gauge, unknaszero, growright
Unscaled[cisco887VA_CPU]: dwmy
Legend1[cisco887VA_CPU]: ###REMOVED### - CPU Utilisation
Legend2[cisco887VA_CPU]: .
Legend3[cisco887VA_CPU]: Max value per interval on graph
Legend4[cisco887VA_CPU]: .
LegendI[cisco887VA_CPU]: CPU:
LegendO[cisco887VA_CPU]: .
Colours[cisco887VA_CPU]: GREEN#00eb0c,BLUE#0000ff,GRAY#AAAAAA,VIOLET#ff00ff
WithPeak[cisco887VA_CPU]: ymw

  • Memory

Target[cisco887VA_Memory]:1.3.6.1.4.1.9.9.48.1.1.1.5.1&.1.3.6.1.4.1.9.9.48.1.1.1.6.1:communityname@hostname
Title[cisco887VA_Memory]: ###REMOVED### - Memory
PageTop[cisco887VA_Memory]: <H1>###REMOVED### - Memory</H1>
MaxBytes[cisco887VA_Memory]: 256000000
Directory[cisco887VA_Memory]: ###REMOVED###
Unscaled[cisco887VA_Memory]: dwmy
Options[cisco887VA_Memory]: gauge, nopercent, unknaszero, growright
YLegend[cisco887VA_Memory]: Bytes
ShortLegend[cisco887VA_Memory]: Bytes
Legend1[cisco887VA_Memory]: Used
Legend2[cisco887VA_Memory]: Free
Legend3[cisco887VA_Memory]: Max value per interval on graph
Legend4[cisco887VA_Memory]: .
LegendI[cisco887VA_Memory]: Used
LegendO[cisco887VA_Memory]: Free
Colours[cisco887VA_Memory]: GREEN#00eb0c,BLUE#0000ff,GRAY#AAAAAA,VIOLET#ff00ff
WithPeak[cisco887VA_Memory]: ymw

 

Cisco Colour Banners

It’s true… It's not quite an April Fool's joke, but yes, you can actually have colour banners on Cisco IOS devices.

Banner login: (Before Login)

Cisco banner exec color

Banner exec: (After Login)

Cisco banner login color

I stumbled across this as I was sent a link to an ASCII/telnet movie which was in colour, and wondered if such could be done with the banners.

I guess it’s one way to spruce up the Cisco command line interface from the traditional Black n White. I had some fun with my colleagues at work with a few WTF moments as they logged into an updated device.  (“Cough” New IOS version lol)

After doing some research, some people were actually using the banners to colour code their routers, for instance using red text for Core, blue for Distribution and green for Access devices, so you instantly know which layer of devices you are on.

From the testing I have performed this will work on virtually any type of console access into the Cisco IOS device, whether it be SSH, serial console or Telnet (hopefully you are not using Telnet in a production network for security reasons).

I haven’t come across a client that does not support it yet.

Anyway here is a guide on how to do it:

 

Escape Characters:

The hardest part of creating the config is entering the escape character into the configuration.
Not all terminal clients support this, so if nothing works, don't sweat, try a different console client.
On most good clients you can enter the ESC character by pressing the CTRL + V keys together, releasing, then pressing the ESC key. A ^[ should show up in the client to indicate this has been successful. You will now know why CTRL + V never works when trying to paste config directly into the terminal client. Some clients might have a menu shortcut to enter ESC more easily.
 

Colour Change codes:

After the ESC character comes the code that changes the colour.
In this case the code for blue is [34;1m, where 34 is the colour code and 1 means bright.
The colour is selected by the second digit, in this case 4. See the table below.
If you want green, the code needs to be [32;1m, where 2 is the code for green.
The 1m part of the code is required to set the text to bright; otherwise everything will stay grey.
 
 
The Colour Table:
Code  Colour
0     Black
1     Red
2     Green
3     Yellow
4     Blue
5     Magenta
6     Cyan
7     White
 
 
Configuration Step by Step:
  1. Enter config mode by typing config t and pressing Enter.

  2. Type banner motd ^ and press Enter. ^ is the delimiting character used to exit the banner config, which will be one of the last steps.

  3. Enter the ESC character by pressing the CTRL + V keys together, releasing, then pressing the ESC key. A ^[ should show up in the client. Do not press Enter yet.

  4. Next type [34;1m, which is the code for the colour change, in this case blue. Do not press Enter yet. There should now be a double [[, which is normal.

  5. Next type some text of your choice, e.g. Some Sample Text. This text will turn blue. Press Enter.

  6. Type ^ to quit out of the banner config.

  7. Type exit then press Enter to exit config mode.

  8. To see the changes, run show run | begin banner motd. The text should now be blue.

The complete code will look something similar to below:

Cisco#config t
Enter configuration commands, one per line. End with CNTL/Z.
Cisco(config)#banner motd ^
Enter TEXT message. End with the character '^'
^[[32;1m This text will turn green
^
Cisco(config)#
Cisco(config)#exit
Cisco#sh run | beg banner motd
banner motd ^C
 This text will turn green
^C
!
Note: Any text after the banner will now show as green. When doing a show run you will not be able to see the entered ESC or colour config. The only way to see the full config with the ESC characters etc. is to dump the config to a TFTP server.
 
 
TFTP Method:
 
For the complete source code for the banner in the images above click here.
Please right-click on the link and select Save As. Don't copy it out of the browser, otherwise the ESC characters will be lost.
 
All you need to do is edit the file in notepad for your needs. TFTP the file to the running config (copy tftp: running-config) on the Cisco device.
Note: You may notice in the file that the borders of the banner have been pushed to the right side due to the extra config. As soon as this is entered into the configuration and a show run is performed this will disappear and the correct borders will show.
 
This method will only overwrite the banner config and not the rest of the config.
Do a sh run | beg banner to view the updated config or re-logon to the device. All going well you should see the colourful result.
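
Because show run hides the ESC bytes, the config file on the TFTP server is the only place to review what a banner will actually send to a terminal. The Python sketch below is an added example, not part of the original post: it scans a raw config file's banner blocks for escape sequences, decodes colour codes using the colour table above (plus the standard 0 = reset and 4x = background values), reports whether a banner leaves colour switched on, and marks any escape sequence that is not a plain colour change for review. The sample bytes are constructed, the function names are hypothetical, and it assumes the file shows the banner delimiter the way show run does (^C) or as a single character such as ^.

```python
import re

# Colour names indexed by the second digit of the code (the colour table above).
COLOURS = ["Black", "Red", "Green", "Yellow", "Blue", "Magenta", "Cyan", "White"]

# ESC [ <parameters> <final byte>. Colour changes are the ones ending in "m".
CSI_RE = re.compile(rb"\x1b\[([0-9;]*)([@-~])")
# "banner <type> <delimiter>". Assumption: the delimiter appears as ^C (as in
# the show run output above) or as one character such as ^ in a hand-made file.
BANNER_RE = re.compile(rb"^banner (\S+) (\^C|\S)", re.M)

# Constructed sample of a config file as read with open(path, "rb").read().
SAMPLE = (
    b"hostname Cisco\n"
    b"banner motd ^C\n"
    b"\x1b[32;1m This text will turn green\n"
    b"^C\n"
    b"banner login ^C\n"
    b"\x1b[31;1mCORE\x1b[0m device\n"
    b"\x1b[2J^C\n"
    b"!\n"
)


def find_banners(config):
    """Return [(banner_type, body_bytes)] for each banner block in a raw config."""
    banners, pos = [], 0
    while True:
        m = BANNER_RE.search(config, pos)
        if m is None:
            return banners
        delim = m.group(2)
        end = config.find(delim, m.end())
        if end == -1:                      # unterminated banner: take the rest
            end = len(config)
        banners.append((m.group(1).decode("ascii", "replace"), config[m.end():end]))
        pos = end + len(delim)


def describe_sgr(params):
    """Translate colour parameters such as b'34;1' into words."""
    words = []
    for p in (params or b"0").split(b";"):
        n = int(p or b"0")
        if n == 0:
            words.append("reset")
        elif n == 1:
            words.append("bright")
        elif 30 <= n <= 37:
            words.append(COLOURS[n - 30] + " text")
        elif 40 <= n <= 47:
            words.append(COLOURS[n - 40] + " background")
        else:
            words.append("SGR %d" % n)
    return ", ".join(words)


def audit_banner(body):
    """Return (findings, colour_left_on); findings are (offset, verdict, detail)."""
    findings, colour_on, i = [], False, 0
    while True:
        i = body.find(b"\x1b", i)
        if i == -1:
            return findings, colour_on
        m = CSI_RE.match(body, i)
        if m and m.group(2) == b"m":
            findings.append((i, "colour", describe_sgr(m.group(1))))
            last = (m.group(1) or b"0").split(b";")[-1]
            colour_on = int(last or b"0") != 0   # anything but a reset sticks
            i = m.end()
        elif m:
            final = m.group(2).decode("ascii")
            findings.append((i, "review", "non-colour CSI sequence ending in %r" % final))
            i = m.end()
        else:
            findings.append((i, "review", "ESC not followed by a CSI sequence"))
            i += 1


def audit_config(config):
    """Map banner type -> {'findings': [...], 'colour_left_on': bool}."""
    report = {}
    for kind, body in find_banners(config):
        findings, colour_on = audit_banner(body)
        report[kind] = {"findings": findings, "colour_left_on": colour_on}
    return report


if __name__ == "__main__":
    for kind, result in audit_config(SAMPLE).items():
        print("banner %s (colour left on: %s)" % (kind, result["colour_left_on"]))
        for offset, verdict, detail in result["findings"]:
            print("  offset %3d  %-6s  %s" % (offset, verdict, detail))
```

A banner reported with colour left on is the case noted above, where any text after the banner stays coloured; ending the banner with ESC followed by [0m resets it.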

Back to back (Point to Point) SHDSL connection

Below is a quick way to extend your network over SHDSL with speeds up to 4.6Mb over copper with Cisco's WIC-1SHDSL V3 modules.
(Symmetrical WAN speeds up to 2.3 Mbps over a single copper pair and up to 4.6 Mbps over two copper pairs using ITU-T G.991.2 Annexes A and B)
The config below is by no means complete and requires hardening before being put into production.
  • The basic RIP routing protocol was used to get the network running.
  • The lab was set up with two Cisco 1841 routers with WIC-1SHDSL V3 modules installed in slot 0 on each router.
  • A 2 pair crossover cable with RJ11 connectors was used between the two routers (Cisco Lavender RJ11 ADSL Cable).
  • The two cards need to be set with roles, Head Office (CO) and Customer-provided equipment (CPE).


Router1#sh run
Building configuration...

Current configuration : 1112 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
resource policy
!
ip cef
!
!
!
!
!
!
!
!
controller DSL 0/0/0
 mode atm
 line-term co
 line-mode 4-wire enhanced
 dsl-mode shdsl symmetric annex B
 ignore-error-duration  15
!
!
interface Loopback0
 ip address 10.255.255.1 255.255.255.255
!
interface FastEthernet0/0
 ip address 10.1.0.1 255.255.0.0
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface ATM0/0/0
 no ip address
 load-interval 30
 no atm ilmi-keepalive
!
interface ATM0/0/0.1 point-to-point
 ip address 10.0.0.1 255.255.255.0
 no snmp trap link-status
 pvc 2/100
  no oam-pvc manage
  encapsulation aal5mux ip
 !
!
router rip
 version 2
 network 10.0.0.0
 no auto-summary
!
!
!
ip http server
no ip http secure-server
!
!
!
!
control-plane
!
!
!
line con 0
line aux 0
line vty 0 4
 login
!
scheduler allocate 20000 1000
end

Router1#
Router1#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     10.0.0.0/8 is variably subnetted, 5 subnets, 3 masks
R       10.255.255.2/32 [120/1] via 10.0.0.2, 00:00:12, ATM0/0/0.1
R       10.2.0.0/16 [120/1] via 10.0.0.2, 00:00:12, ATM0/0/0.1
C       10.0.0.0/24 is directly connected, ATM0/0/0.1
C       10.255.255.1/32 is directly connected, Loopback0
C       10.1.0.0/16 is directly connected, FastEthernet0/0
Router1#


Router2#sh run
Building configuration...

Current configuration : 1113 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router2
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
resource policy
!
ip cef
!
!
!
!
!
!
!
!
controller DSL 0/0/0
 mode atm
 line-term cpe
 line-mode 4-wire enhanced
 dsl-mode shdsl symmetric annex B
 ignore-error-duration  15
!
!
interface Loopback0
 ip address 10.255.255.2 255.255.255.255
!
interface FastEthernet0/0
 ip address 10.2.0.1 255.255.0.0
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface ATM0/0/0
 no ip address
 load-interval 30
 no atm ilmi-keepalive
!
interface ATM0/0/0.1 point-to-point
 ip address 10.0.0.2 255.255.255.0
 no snmp trap link-status
 pvc 2/100
  no oam-pvc manage
  encapsulation aal5mux ip
 !
!
router rip
 version 2
 network 10.0.0.0
 no auto-summary
!
!
!
ip http server
no ip http secure-server
!
!
!
!
control-plane
!
!
!
line con 0
line aux 0
line vty 0 4
 login
!
scheduler allocate 20000 1000
end

Router2#
Router2#sh ip rout
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     10.0.0.0/8 is variably subnetted, 5 subnets, 3 masks
C       10.255.255.2/32 is directly connected, Loopback0
C       10.2.0.0/16 is directly connected, FastEthernet0/0
C       10.0.0.0/24 is directly connected, ATM0/0/0.1
R       10.255.255.1/32 [120/1] via 10.0.0.1, 00:00:12, ATM0/0/0.1
R       10.1.0.0/16 [120/1] via 10.0.0.1, 00:00:12, ATM0/0/0.1
Router2#

Cisco HWIC-3G-GSM Config

This is a quick blog about my Cisco HWIC-3G-GSM module which I purchased recently and the steps to install one.
The Cisco HWIC-3G-GSM module is a quick way to set up remote sites with Internet or WAN services, and is also useful as a backup link for existing cabled sites.

The HWIC-3G-GSM module supports the following services:
• General Packet Radio Services (GPRS)
• Enhanced Data Rates for GSM Evolution (EDGE)
• Universal Mobile Telecommunication System (UMTS)
• High-Speed Downlink Packet Access (HSDPA)

It supports multiple bands on the multiple services for use in different parts of the world:
• 850/900/1800/1900 MHz for GPRS and EDGE services
• 850/1900/2100 MHz for UMTS and HSDPA services

Routers which support the HWIC-3G-GSM module are the Cisco 1841, 2800 series and 3800 series etc.
Minimum IOS version required is 12.4(15)T1 or above. For this example I'm using c1841-advipservicesk9-mz.124-24.T6.bin IOS.
 

Hardware:

The hardware requirements for the install are easy.
Firstly, insert the SIM card into the SIM card holder on the HWIC-3G-GSM card and lock the SIM card in again with the bracket and screw.
Secondly, insert the card into a spare HWIC slot on the router and tighten the screws. It's best to use the lowest numbered spare slot first.
Thirdly, attach the aerial.

Run a show version to check the IOS requirements and, most importantly, that the card is recognised. See output below:
 
Cisco 1841 (revision 4.1) with 355328K/37888K bytes of memory.
Processor board ID FHK00000000
2 FastEthernet interfaces
1 terminal line
1 Virtual Private Network (VPN) Module
1 Cellular interface
DRAM configuration is 64 bits wide with parity disabled.
191K bytes of NVRAM.
62720K bytes of ATA CompactFlash (Read/Write)
 

 

Configuration:

The Sierra Wireless 3G modem on the HWIC card needs to have your 3G provider's APN settings configured. These settings are written directly onto the HWIC card, so if you erase the startup-config these APNs will not be lost.

In Enable Mode: (Hardware Configuration)

Below is a list of New Zealand's most common providers. To make it easy I configured all of New Zealand's APNs as different profiles on the card.

Telecom APN's:
cellular 0/0/0 gsm profile create 1 internet.telecom.co.nz
cellular 0/0/0 gsm profile create 2 direct.telecom.co.nz
Skinny APN:
cellular 0/0/0 gsm profile create 3 wapaccess.co.nz
2degrees APN:
cellular 0/0/0 gsm profile create 4 internet
Vodafone APN's:
cellular 0/0/0 gsm profile create 5 www.vodafone.net.nz
cellular 0/0/0 gsm profile create 6 direct.vodafone.net.nz
cellular 0/0/0 gsm profile create 7 opt.vodafone.net.nz
 
Output will be similar to below:

C1841#cellular 0/0/0 gsm profile create 1 internet.telecom.co.nz
Profile 1 will be created with the following values:
APN = internet.telecom.co.nz
Are you sure? [confirm]
Profile 1 written to modem
C1841#cellular 0/0/0 gsm profile create 2 direct.telecom.co.nz
Profile 2 will be created with the following values:
APN = direct.telecom.co.nz
Are you sure? [confirm]
Profile 2 written to modem
C1841#

 

Most public APNs do not have password requirements. If they do, please follow the commands below:

PAP:

C1841#cellular 0/0/0 gsm profile create 15 someapn.someprovider.co.nz pap SOMEUSERNAME SOMEPASSWORD
Profile 15 will be created with the following values:
APN = someapn.someprovider.co.nz
Authenticaton = PAP
Username = SOMEUSERNAME
Password = SOMEPASSWORD
Are you sure? [confirm]
Profile 15 written to modem
C1841#

CHAP:

C1841#cellular 0/0/0 gsm profile create 16 someapn.someprovider.co.nz chap SOMEUSERNAME SOMEPASSWORD
Profile 16 will be created with the following values:
APN = someapn.someprovider.co.nz
Authenticaton = CHAP
Username = SOMEUSERNAME
Password = SOMEPASSWORD
Are you sure? [confirm]
Profile 16 written to modem
C1841#

 

To confirm the profiles have been applied correctly run show cellular 0/0/0 profile and check the output is similar to below.
C1841#show cellular 0/0/0 profile
Profile 1 = ACTIVE*
--------
PDP Type = IPv4
PDP address = 115.189.xxx.xxx
Access Point Name (APN) = internet.telecom.co.nz
Authentication = None
Username: , Password:

Profile 2 = INACTIVE
--------
PDP Type = IPv4
Access Point Name (APN) = direct.telecom.co.nz
Authentication = None
Username: , Password:

Profile 3 = INACTIVE
--------
PDP Type = IPv4
Access Point Name (APN) = wapaccess.co.nz
Authentication = None
Username: , Password:

Profile 4 = INACTIVE
--------
PDP Type = IPv4
Access Point Name (APN) = internet
Authentication = None
Username: , Password:

Profile 5 = INACTIVE
--------
PDP Type = IPv4
Access Point Name (APN) = www.vodafone.net.nz
Authentication = None
Username: , Password:

Profile 6 = INACTIVE
--------
PDP Type = IPv4
Access Point Name (APN) = direct.vodafone.net.nz
Authentication = None
Username: , Password:

Profile 7 = INACTIVE
--------
PDP Type = IPv4
Access Point Name (APN) = opt.vodafone.net.nz
Authentication = None
Username: , Password:

Profile 16 = INACTIVE
--------
PDP Type = IPv4
Access Point Name (APN) =
Authentication = None
Username: , Password:

 * - Default profile
C1841#
 

In Config Mode:

Chat Script Setup:

When setting up the APN we created separate 3G profiles on the HWIC card. We need to configure the router to use only one of the profiles.
In the examples I'm using Telecom's XT APN, which is profile 1, so the chat script is chat-script gsm "" "ATDT*99#" TIMEOUT 60 "CONNECT"
If you wish to use one of the other profiles you must add the profile number into the chat script as in the examples below:
Profile number 3 = chat-script gsm "" "ATDT*99*3#" TIMEOUT 60 "CONNECT"
Profile number 7 = chat-script gsm "" "ATDT*99*7#" TIMEOUT 60 "CONNECT"
Note: The profile number does not need to be inserted for Profile number 1

 

General Configuration:

The config below is a basic config dump to get the router to connect to 3G and allow internet connectivity through to a PC.
Highlighted in green are the minimum config requirements to connect to 3G.
  • You will need to implement your own ACLs etc. to complete the install securely.
  • It's important to keep the PPP username and password configured on the Cellular0/0/0 interface even if your APN does not require this. I have used Cisco as the username and password as a filler.
  • If you wish to avoid Dial On Demand Routing dropping the connection after a few minutes, add dialer idle-timeout 0 to the Cellular0/0/0 interface.

C1841#sh run
Building configuration...

Current configuration : 2015 bytes
!
version 12.4
service nagle
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone year
service timestamps log datetime msec localtime show-timezone year
service password-encryption
service sequence-numbers
no service password-recovery
!
hostname C1841
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
logging buffered 2048000
!
no aaa new-model
dot11 syslog
no ip source-route
!
!
ip dhcp excluded-address 192.168.0.1 192.168.0.9
ip dhcp excluded-address 192.168.0.1
!
ip dhcp pool dhcppool
   import all
   network 192.168.0.0 255.255.255.0
   default-router 192.168.0.1
   dns-server 192.168.0.1
   update arp
!
!
ip cef
ip domain name local
no ipv6 cef
!
multilink bundle-name authenticated
!
chat-script gsm "" "ATDT*99#" TIMEOUT 60 "CONNECT"
!
!
!
!
archive
 log config
  hidekeys
!
!
!
!
!
!
!
!
interface FastEthernet0/0
 description LAN
 ip address 192.168.0.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Cellular0/0/0
 description 3G Internet
 ip address negotiated
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer in-band
 dialer string gsm
 dialer-group 1
 async mode interactive
 ppp chap hostname Cisco
 ppp chap password 7 032772382520
 ppp ipcp dns request
 ppp ipcp route default
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Cellular0/0/0
no ip http server
no ip http secure-server
!
!
ip dns server
ip nat inside source list 2 interface Cellular0/0/0 overload
!
access-list 1 remark For Dialer
access-list 1 permit any
access-list 2 remark NAT ACL - Internal LAN Ranges
access-list 2 permit 192.168.0.0 0.0.0.255
dialer-list 1 protocol ip list 1

!
!
!
!
!
!
control-plane
!
!
!
line con 0
line aux 0
line 0/0/0
 exec-timeout 0 0
 script dialer gsm
 login
 modem InOut
 no exec
 rxspeed 3600000
 txspeed 384000

line vty 0 4
 login
!
scheduler allocate 20000 1000
end
C1841#
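
Both the SHDSL lab configs and the 3G config above are described as needing hardening or your own ACLs before production use. As an added example (not from the original posts), this Python sketch checks a config against the hardening lines that the UFB config at the top of this page uses; the two sample configs are abridged from this page, the function names are hypothetical, and the baseline covers only settings that appear in that UFB config.

```python
# Hardening lines copied from the UFB router config at the top of this page.
GLOBAL_BASELINE = [
    "service password-encryption",
    "no ip source-route",
    "no ip http server",
    "ip ssh version 2",
]

# Abridged from the Router1 (SHDSL lab) config on this page.
LAB_CONFIG = """\
no service password-encryption
hostname Router1
interface ATM0/0/0.1 point-to-point
 ip address 10.0.0.1 255.255.255.0
 pvc 2/100
  encapsulation aal5mux ip
 !
ip http server
no ip http secure-server
line vty 0 4
 login
"""

# Abridged from the C1841 (3G) config on this page.
G3_CONFIG = """\
service password-encryption
hostname C1841
no ip source-route
interface Cellular0/0/0
 ip address negotiated
 ip nat outside
 encapsulation ppp
no ip http server
line vty 0 4
 login
"""


def parse_sections(text):
    """Split an IOS config into {top-level line: [indented child lines]}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.strip() == "!":
            continue
        if line[0] == " " and current is not None:
            sections[current].append(line.strip())   # nested levels are flattened
        else:
            current = line.strip()
            sections[current] = []
    return sections


def negate(line):
    """'no ip http server' <-> 'ip http server'."""
    return line[3:] if line.startswith("no ") else "no " + line


def section_rules(header, children):
    """Child-line prefixes the UFB config uses for this kind of section."""
    if header.startswith("line vty"):
        return ["transport input ssh", "access-class"]
    if header.startswith("interface") and "ip nat outside" in children:
        return ["ip access-group", "ip inspect"]     # as on the UFB Dialer0
    return []


def audit(text):
    """Return a list of differences from the UFB baseline, in config order."""
    sections = parse_sections(text)
    findings = []
    for want in GLOBAL_BASELINE:
        if want in sections:
            continue
        if negate(want) in sections:
            findings.append("'%s' is configured; UFB config has '%s'" % (negate(want), want))
        else:
            findings.append("'%s' is absent" % want)
    for header, children in sections.items():
        for want in section_rules(header, children):
            if not any(c.startswith(want) for c in children):
                findings.append("%s: no '%s' line" % (header, want))
    return findings


if __name__ == "__main__":
    for name, cfg in (("SHDSL lab", LAB_CONFIG), ("3G", G3_CONFIG)):
        print(name)
        for finding in audit(cfg):
            print("  " + finding)
```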
 

Signal Status:

You can quickly identify the signal strength by looking at the RSSI (Receive Signal Strength Indicator) on the HWIC card

LED Status               Signal Strength
Solid Green              High Signal (-69 dBm or higher)
Fast Green Flash         Medium Signal (-89 to -70 dBm)
Slow Green Flash (1sec)  Low to medium Signal (-99 to -90 dBm), minimum level for a reliable connection
Off                      Low Signal (less than -100 dBm)
Solid Amber              No service available and no RSSI detected

To view the Receive Signal Strength over different time periods you can check it with the commands below:

C1841#sh cellular 0/0/0 radio history ?
all Show all RSSI history
per-hour Show per hour RSSI history
per-min Show per minute RSSI history
per-sec Show per second RSSI history

C1841#sh cellular 0/0/0 radio history all

C1841 11:37:53 PM Saturday Jan 14 2012 NZDT


888888888888888888888888888888888888888888888888888888888888
555555555555555555555555555555555555555555555555555555555555
140
130
120
110
100
90 ************************************************************
80 ************************************************************
70 ************************************************************
60 ************************************************************
50 ************************************************************
40 ************************************************************
30 ************************************************************
20 ************************************************************
10 ************************************************************
0....5....1....1....2....2....3....3....4....4....5....5....6
0 5 0 5 0 5 0 5 0 5 0
RSSI(-dBm) per second (last 60 seconds)

1
888988818888888888888888888888888888888888888888888888888888
555155502222222222222222222222222222222222222222222222222222
140
130
120
110 *
100 *
90 ########
80 ############################################################
70 ############################################################
60 ############################################################
50 ############################################################
40 ############################################################
30 ############################################################
20 ############################################################
10 ############################################################
0....5....1....1....2....2....3....3....4....4....5....5....6
0 5 0 5 0 5 0 5 0 5 0
RSSI(-dBm) per minute (last 60 minutes)
* = maximum RSSI # = average RSSI

1 11
818811
206600
140
130
120
110 * **
100 * **
90 *****
80 ######
70 ######
60 ######
50 ######
40 ######
30 ######
20 ######
10 ######
0....5....1....1....2....2....3....3....4....4....5....5....6....6....7..
0 5 0 5 0 5 0 5 0 5 0 5 0
RSSI(-dBm) per hour (last 72 hours)
* = maximum RSSI # = average RSSI

 

Diagnostics:

 
Run the show cellular 0/0/0 all command to view all info and config on the HWIC card. In this example profile 1 is active and connected to the 3G network.
 

C1841#sh cellular 0/0/0 all
Hardware Information
====================
Modem Firmware Version = H1_1_9_3MCAP C:/WS/
Modem Firmware built = 12/12/07
Hardware Version = 1.1
International Mobile Subscriber Identity (IMSI) = xxxxxxxxxxxxxxx
International Mobile Equipment Identity (IMEI) = xxxxxxxxxxxxxxx
Factory Serial Number (FSN) = xxxxxxxxxxxxxxx
Modem Status = Online
Current Modem Temperature = 50 deg C, State = Normal

Profile Information
====================
Profile 1 = ACTIVE*
--------
PDP Type = IPv4
PDP address = 122.63.xxx.xxx
Access Point Name (APN) = internet.telecom.co.nz
Authentication = None
Username: , Password:

Profile 2 = INACTIVE
--------
PDP Type = IPv4
Access Point Name (APN) = direct.telecom.co.nz
Authentication = None
Username: , Password:

Profile 3 = INACTIVE
--------
PDP Type = IPv4
Access Point Name (APN) = wapaccess.co.nz
Authentication = None
Username: , Password:

Profile 4 = INACTIVE
--------
PDP Type = IPv4
Access Point Name (APN) = internet
Authentication = None
Username: , Password:

Profile 5 = INACTIVE
--------
PDP Type = IPv4
Access Point Name (APN) = www.vodafone.net.nz
Authentication = None
Username: , Password:

Profile 6 = INACTIVE
--------
PDP Type = IPv4
Access Point Name (APN) = direct.vodafone.net.nz
Authentication = None
Username: , Password:

Profile 7 = INACTIVE
--------
PDP Type = IPv4
Access Point Name (APN) = opt.vodafone.net.nz
Authentication = None
Username: , Password:

 * - Default profile

Data Connection Information
===========================
Data Transmitted = 366096 bytes, Received = 663684 bytes
Profile 1, Packet Session Status = ACTIVE
        IP address = 122.63.xxx.xxx
Profile 2, Packet Session Status = INACTIVE
        Inactivity Reason = Normal inactivate state
Profile 3, Packet Session Status = INACTIVE
        Inactivity Reason = Normal inactivate state
Profile 4, Packet Session Status = INACTIVE
        Inactivity Reason = Normal inactivate state
Profile 5, Packet Session Status = INACTIVE
        Inactivity Reason = Normal inactivate state
Profile 6, Packet Session Status = INACTIVE
        Inactivity Reason = Normal inactivate state
Profile 7, Packet Session Status = INACTIVE
        Inactivity Reason = Normal inactivate state
Profile 8, Packet Session Status = INACTIVE
        Inactivity Reason = Normal inactivate state
Profile 9, Packet Session Status = INACTIVE
        Inactivity Reason = Normal inactivate state
Profile 10, Packet Session Status = INACTIVE
        Inactivity Reason = Normal inactivate state
Profile 11, Packet Session Status = INACTIVE
        Inactivity Reason = Normal inactivate state
Profile 12, Packet Session Status = INACTIVE
        Inactivity Reason = Normal inactivate state
Profile 13, Packet Session Status = INACTIVE
        Inactivity Reason = Normal inactivate state
Profile 14, Packet Session Status = INACTIVE
        Inactivity Reason = Normal inactivate state
Profile 15, Packet Session Status = INACTIVE
        Inactivity Reason = Normal inactivate state
Profile 16, Packet Session Status = INACTIVE
        Inactivity Reason = Normal inactivate state

Network Information
===================
Current Service Status = Normal, Service Error = None
Current Service = Combined
Packet Service = HSDPA (Attached)
Packet Session Status = Active
Current Roaming Status = Home
Network Selection Mode = Automatic
Country = NZL, Network = Telecom
Mobile Country Code (MCC) = 530
Mobile Network Code (MNC) = 5
Location Area Code (LAC) = 13305
Routing Area Code (RAC) = 0
Cell ID = 33152
Primary Scrambling Code = 59
PLMN Selection = Automatic
Registered PLMN =  , Abbreviated =
Service Provider = Telecom NZ

Radio Information
=================
Current Band = WCDMA 850, Channel Number = 1062
Current RSSI(RSCP) = -86 dBm
Band Selected = Auto

Modem Security Information
==========================
Card Holder Verification (CHV1) = Disabled
SIM Status = OK
SIM User Operation Required = None
Number of Retries remaining = 3
 

 

Debug Commands:

If you are having any issues you can run the commands below to view the output in the console.

debug dialer
debug chat
debug ppp negotiation
debug ppp error

The below output is where the Cellular0/0/0 Interface has successfully connected.

C1841#
C1841#
000035: *Jan 28 2012 10:23:04.967 UTC: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
000036: *Jan 28 2012 10:23:06.503 UTC: Ce0/0/0 DDR: place call
000037: *Jan 28 2012 10:23:06.503 UTC: Ce0/0/0 DDR: Dialing cause ip (s=192.168.0.10, d=192.168.0.1)
000038: *Jan 28 2012 10:23:06.503 UTC: Ce0/0/0 DDR: Attempting to dial gsm
000039: *Jan 28 2012 10:23:06.503 UTC: CHAT0/0/0: Attempting async line dialer script
000040: *Jan 28 2012 10:23:06.503 UTC: CHAT0/0/0: Dialing using Modem script: gsm & System script: none
000041: *Jan 28 2012 10:23:06.511 UTC: CHAT0/0/0: process started
000042: *Jan 28 2012 10:23:06.511 UTC: CHAT0/0/0: Asserting DTR
000043: *Jan 28 2012 10:23:06.511 UTC: CHAT0/0/0: Chat script gsm started
000044: *Jan 28 2012 10:23:06.511 UTC: CHAT0/0/0: Sending string: ATDT*99#
000045: *Jan 28 2012 10:23:06.511 UTC: CHAT0/0/0: Expecting string: CONNECT
000046: *Jan 28 2012 10:23:06.555 UTC: CHAT0/0/0: Completed match for expect: CONNECT
000047: *Jan 28 2012 10:23:06.555 UTC: CHAT0/0/0: Chat script gsm finished, status = Success
000048: *Jan 28 2012 10:23:08.691 UTC: %LINK-3-UPDOWN: Interface Cellular0/0/0, changed state to up
000049: *Jan 28 2012 10:23:08.691 UTC: Ce0/0/0 DDR: Dialer statechange to up
000050: *Jan 28 2012 10:23:08.691 UTC: Ce0/0/0 DDR: Dialer call has been placed
000051: *Jan 28 2012 10:23:08.691 UTC: Ce0/0/0 PPP: Using dialer call direction
000052: *Jan 28 2012 10:23:08.691 UTC: Ce0/0/0 PPP: Treating connection as a callout
000053: *Jan 28 2012 10:23:08.691 UTC: Ce0/0/0 PPP: Session handle[8A000004] Session id[2]
000054: *Jan 28 2012 10:23:08.691 UTC: Ce0/0/0 PPP: Phase is ESTABLISHING, Active Open
000055: *Jan 28 2012 10:23:08.691 UTC: Ce0/0/0 PPP: No remote authentication for call-out
000056: *Jan 28 2012 10:23:08.691 UTC: Ce0/0/0 LCP: O CONFREQ [Closed] id 3 len 20
000057: *Jan 28 2012 10:23:08.691 UTC: Ce0/0/0 LCP:    ACCM 0x000A0000 (0x0206000A0000)
000058: *Jan 28 2012 10:23:08.691 UTC: Ce0/0/0 LCP:    MagicNumber 0x12AB4D95 (0x050612AB4D95)
000059: *Jan 28 2012 10:23:08.695 UTC: Ce0/0/0 LCP:    PFC (0x0702)
000060: *Jan 28 2012 10:23:08.695 UTC: Ce0/0/0 LCP:    ACFC (0x0802)
000061: *Jan 28 2012 10:23:08.695 UTC: Ce0/0/0 LCP: I CONFREQ [REQsent] id 2 len 25
000062: *Jan 28 2012 10:23:08.699 UTC: Ce0/0/0 LCP:    ACCM 0x00000000 (0x020600000000)
000063: *Jan 28 2012 10:23:08.699 UTC: Ce0/0/0 LCP:    AuthProto CHAP (0x0305C22305)
000064: *Jan 28 2012 10:23:08.699 UTC: Ce0/0/0 LCP:    MagicNumber 0x966D4493 (0x0506966D4493)
000065: *Jan 28 2012 10:23:08.699 UTC: Ce0/0/0 LCP:    PFC (0x0702)
000066: *Jan 28 2012 10:23:08.699 UTC: Ce0/0/0 LCP:    ACFC (0x0802)
000067: *Jan 28 2012 10:23:08.699 UTC: Ce0/0/0 LCP: O CONFACK [REQsent] id 2 len 25
000068: *Jan 28 2012 10:23:08.699 UTC: Ce0/0/0 LCP:    ACCM 0x00000000 (0x020600000000)
000069: *Jan 28 2012 10:23:08.699 UTC: Ce0/0/0 LCP:    AuthProto CHAP (0x0305C22305)
000070: *Jan 28 2012 10:23:08.699 UTC: Ce0/0/0 LCP:    MagicNumber 0x966D4493 (0x0506966D4493)
000071: *Jan 28 2012 10:23:08.699 UTC: Ce0/0/0 LCP:    PFC (0x0702)
000072: *Jan 28 2012 10:23:08.699 UTC: Ce0/0/0 LCP:    ACFC (0x0802)
000073: *Jan 28 2012 10:23:08.699 UTC: Ce0/0/0 LCP: I CONFACK [ACKsent] id 3 len 20
000074: *Jan 28 2012 10:23:08.699 UTC: Ce0/0/0 LCP:    ACCM 0x000A0000 (0x0206000A0000)
000075: *Jan 28 2012 10:23:08.699 UTC: Ce0/0/0 LCP:    MagicNumber 0x12AB4D95 (0x050612AB4D95)
000076: *Jan 28 2012 10:23:08.699 UTC: Ce0/0/0 LCP:    PFC (0x0702)
000077: *Jan 28 2012 10:23:08.699 UTC: Ce0/0/0 LCP:    ACFC (0x0802)
000078: *Jan 28 2012 10:23:08.699 UTC: Ce0/0/0 LCP: State is Open
000079: *Jan 28 2012 10:23:08.699 UTC: Ce0/0/0 PPP: Phase is AUTHENTICATING, by the peer
000080: *Jan 28 2012 10:23:08.703 UTC: Ce0/0/0 CHAP: I CHALLENGE id 1 len 35 from "UMTS_CHAP_SRVR"
000081: *Jan 28 2012 10:23:08.703 UTC: Ce0/0/0 CHAP: Using hostname from interface CHAP
000082: *Jan 28 2012 10:23:08.703 UTC: Ce0/0/0 CHAP: Using password from interface CHAP
000083: *Jan 28 2012 10:23:08.703 UTC: Ce0/0/0 CHAP: O RESPONSE id 1 len 26 from "Cisco"
000084: *Jan 28 2012 10:23:08.711 UTC: Ce0/0/0 CHAP: I SUCCESS id 1 len 4
000085: *Jan 28 2012 10:23:08.711 UTC: Ce0/0/0 PPP: Phase is FORWARDING, Attempting Forward
000086: *Jan 28 2012 10:23:08.711 UTC: Ce0/0/0 PPP: Phase is ESTABLISHING, Finish LCP
000087: *Jan 28 2012 10:23:08.711 UTC: Ce0/0/0 PPP: Phase is UP
000088: *Jan 28 2012 10:23:08.711 UTC: Ce0/0/0 IPCP: O CONFREQ [Closed] id 1 len 22
000089: *Jan 28 2012 10:23:08.711 UTC: Ce0/0/0 IPCP:    Address 0.0.0.0 (0x030600000000)
000090: *Jan 28 2012 10:23:08.715 UTC: Ce0/0/0 IPCP:    PrimaryDNS 0.0.0.0 (0x810600000000)
000091: *Jan 28 2012 10:23:08.715 UTC: Ce0/0/0 IPCP:    SecondaryDNS 0.0.0.0 (0x830600000000)
000092: *Jan 28 2012 10:23:08.715 UTC: Ce0/0/0 PPP: Process pending ncp packets
000093: *Jan 28 2012 10:23:09.719 UTC: Ce0/0/0 IPCP: I CONFNAK [REQsent] id 1 len 16
000094: *Jan 28 2012 10:23:09.719 UTC: Ce0/0/0 IPCP:    PrimaryDNS 10.11.12.13 (0x81060A0B0C0D)
000095: *Jan 28 2012 10:23:09.719 UTC: Ce0/0/0 IPCP:    SecondaryDNS 10.11.12.14 (0x83060A0B0C0E)
000096: *Jan 28 2012 10:23:09.719 UTC: Ce0/0/0 IPCP: O CONFREQ [REQsent] id 2 len 22
000097: *Jan 28 2012 10:23:09.719 UTC: Ce0/0/0 IPCP:    Address 0.0.0.0 (0x030600000000)
000098: *Jan 28 2012 10:23:09.719 UTC: Ce0/0/0 IPCP:    PrimaryDNS 10.11.12.13 (0x81060A0B0C0D)
000099: *Jan 28 2012 10:23:09.719 UTC: Ce0/0/0 IPCP:    SecondaryDNS 10.11.12.14 (0x83060A0B0C0E)
000100: *Jan 28 2012 10:23:10.723 UTC: Ce0/0/0 IPCP: I CONFNAK [REQsent] id 2 len 16
000101: *Jan 28 2012 10:23:10.723 UTC: Ce0/0/0 IPCP:    PrimaryDNS 10.11.12.13 (0x81060A0B0C0D)
000102: *Jan 28 2012 10:23:10.723 UTC: Ce0/0/0 IPCP:    SecondaryDNS 10.11.12.14 (0x83060A0B0C0E)
000103: *Jan 28 2012 10:23:10.723 UTC: Ce0/0/0 IPCP: O CONFREQ [REQsent] id 3 len 22
000104: *Jan 28 2012 10:23:10.723 UTC: Ce0/0/0 IPCP:    Address 0.0.0.0 (0x030600000000)
000105: *Jan 28 2012 10:23:10.723 UTC: Ce0/0/0 IPCP:    PrimaryDNS 10.11.12.13 (0x81060A0B0C0D)
000106: *Jan 28 2012 10:23:10.723 UTC: Ce0/0/0 IPCP:    SecondaryDNS 10.11.12.14 (0x83060A0B0C0E)
000107: *Jan 28 2012 10:23:11.411 UTC: Ce0/0/0 IPCP: I CONFREQ [REQsent] id 1 len 4
000108: *Jan 28 2012 10:23:11.411 UTC: Ce0/0/0 IPCP: O CONFACK [REQsent] id 1 len 4
000109: *Jan 28 2012 10:23:11.415 UTC: Ce0/0/0 IPCP: I CONFNAK [ACKsent] id 3 len 22
000110: *Jan 28 2012 10:23:11.415 UTC: Ce0/0/0 IPCP:    Address 122.63.xxx.xxx (0x03067A3F5495)
000111: *Jan 28 2012 10:23:11.415 UTC: Ce0/0/0 IPCP:    PrimaryDNS 202.27.156.72 (0x8106CA1B9C48)
000112: *Jan 28 2012 10:23:11.415 UTC: Ce0/0/0 IPCP:    SecondaryDNS 202.27.158.40 (0x8306CA1B9E28)
000113: *Jan 28 2012 10:23:11.415 UTC: Ce0/0/0 IPCP: O CONFREQ [ACKsent] id 4 len 22
000114: *Jan 28 2012 10:23:11.415 UTC: Ce0/0/0 IPCP:    Address 122.63.xxx.xxx (0x03067A3F5495)
000115: *Jan 28 2012 10:23:11.415 UTC: Ce0/0/0 IPCP:    PrimaryDNS 202.27.156.72 (0x8106CA1B9C48)
000116: *Jan 28 2012 10:23:11.415 UTC: Ce0/0/0 IPCP:    SecondaryDNS 202.27.158.40 (0x8306CA1B9E28)
000117: *Jan 28 2012 10:23:11.415 UTC: Ce0/0/0 IPCP: I CONFACK [ACKsent] id 4 len 22
000118: *Jan 28 2012 10:23:11.415 UTC: Ce0/0/0 IPCP:    Address 122.63.xxx.xxx (0x03067A3F5495)
000119: *Jan 28 2012 10:23:11.415 UTC: Ce0/0/0 IPCP:    PrimaryDNS 202.27.156.72 (0x8106CA1B9C48)
000120: *Jan 28 2012 10:23:11.415 UTC: Ce0/0/0 IPCP:    SecondaryDNS 202.27.158.40 (0x8306CA1B9E28)
000121: *Jan 28 2012 10:23:11.415 UTC: Ce0/0/0 IPCP: State is Open
000122: *Jan 28 2012 10:23:11.419 UTC: Ce0/0/0 IPCP: Install negotiated IP interface address 122.63.xxx.xxx
000123: *Jan 28 2012 10:23:11.463 UTC: Ce0/0/0 DDR: dialer protocol up
C1841#

Disconnecting due to lack of traffic.
C1841#
000125: *Jan 28 2012 10:47:58.359 UTC: Ce0/0/0 DDR: idle timeout
000126: *Jan 28 2012 10:47:58.359 UTC: Ce0/0/0 PPP: Sending Acct Event[Down] id[5]
000127: *Jan 28 2012 10:47:58.359 UTC: Ce0/0/0 IPCP: State is Closed
000128: *Jan 28 2012 10:47:58.359 UTC: Ce0/0/0 PPP: Phase is TERMINATING
000129: *Jan 28 2012 10:47:58.359 UTC: Ce0/0/0 LCP: O TERMREQ [Open] id 4 len 4
000130: *Jan 28 2012 10:47:58.375 UTC: Ce0/0/0 LCP: I TERMACK [TERMsent] id 4 len 4
000131: *Jan 28 2012 10:47:58.375 UTC: Ce0/0/0 LCP: State is Closed
000132: *Jan 28 2012 10:47:58.375 UTC: Ce0/0/0 PPP: Phase is DOWN
000133: *Jan 28 2012 10:47:58.379 UTC: Ce0/0/0 DDR: disconnecting call
000134: *Jan 28 2012 10:48:00.375 UTC: %LINK-5-CHANGED: Interface Cellular0/0/0, changed state to reset
000135: *Jan 28 2012 10:48:05.511 UTC: %LINK-3-UPDOWN: Interface Cellular0/0/0, changed state to down
000136: *Jan 28 2012 10:48:15.375 UTC: Ce0/0/0 DDR: re-enable timeout
C1841#
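The option lines in the debug output above are type-length-value dumps, and reading them tells you which authentication method the router agreed to. As an added example (not part of the original post), this Python code decodes an excerpt of that output, reports the agreed method, and checks each packet's "len" against its option lines; the function names are my own.

```python
import ipaddress
import re

# Option numbers: RFC 1661 (LCP), RFC 1332 and RFC 1877 (IPCP).
LCP_OPTS = {1: "MRU", 2: "ACCM", 3: "AuthProto", 5: "MagicNumber", 7: "PFC", 8: "ACFC"}
IPCP_OPTS = {3: "Address", 0x81: "PrimaryDNS", 0x83: "SecondaryDNS"}
AUTH_PROTOS = {0xC023: "PAP", 0xC223: "CHAP"}
CHAP_ALGS = {0x05: "MD5", 0x80: "MS-CHAP", 0x81: "MS-CHAPv2"}
HEADER = re.compile(r"(LCP|IPCP): ([IO]) (\w+) \[(\w+)\] id (\d+) len (\d+)")
OPTION = re.compile(r"(LCP|IPCP):\s+(\w+).*\(0x([0-9A-Fa-f]+)\)\s*$")

# Excerpt of the debug output above, sequence numbers and timestamps trimmed.
# The IPCP Address line is left out on purpose: its hex dump carries the same
# four bytes as the dotted address, so mask both before sharing debug output.
SAMPLE = """\
Ce0/0/0 LCP: I CONFREQ [REQsent] id 2 len 25
Ce0/0/0 LCP:    ACCM 0x00000000 (0x020600000000)
Ce0/0/0 LCP:    AuthProto CHAP (0x0305C22305)
Ce0/0/0 LCP:    MagicNumber 0x966D4493 (0x0506966D4493)
Ce0/0/0 LCP:    PFC (0x0702)
Ce0/0/0 LCP:    ACFC (0x0802)
Ce0/0/0 LCP: O CONFACK [REQsent] id 2 len 25
Ce0/0/0 LCP:    ACCM 0x00000000 (0x020600000000)
Ce0/0/0 LCP:    AuthProto CHAP (0x0305C22305)
Ce0/0/0 LCP:    MagicNumber 0x966D4493 (0x0506966D4493)
Ce0/0/0 LCP:    PFC (0x0702)
Ce0/0/0 LCP:    ACFC (0x0802)
Ce0/0/0 IPCP: I CONFACK [ACKsent] id 4 len 22
Ce0/0/0 IPCP:    PrimaryDNS 202.27.156.72 (0x8106CA1B9C48)
Ce0/0/0 IPCP:    SecondaryDNS 202.27.158.40 (0x8306CA1B9E28)
"""


def decode_option(proto, hexstr):
    """Decode one option from its hex dump: type byte, length byte, value."""
    raw = bytes.fromhex(hexstr)
    if len(raw) < 2 or raw[1] != len(raw):
        raise ValueError(f"bad option length in 0x{hexstr}")
    otype, value = raw[0], raw[2:]
    name = (LCP_OPTS if proto == "LCP" else IPCP_OPTS).get(otype, f"type-{otype}")
    if proto == "LCP" and otype == 3:
        shown = AUTH_PROTOS.get(int.from_bytes(value[:2], "big"), value[:2].hex())
        if shown == "CHAP" and len(value) > 2:
            shown += "/" + CHAP_ALGS.get(value[2], hex(value[2]))
    elif proto == "IPCP" and len(value) == 4:
        shown = str(ipaddress.IPv4Address(value))
    else:
        shown = value.hex()
    return {"type": otype, "name": name, "value": shown, "length": len(raw)}


def parse_negotiation(text):
    """Group option lines under the CONFREQ/CONFACK/CONFNAK header before them."""
    packets = []
    for line in text.splitlines():
        head = HEADER.search(line)
        if head:
            proto, direction, code, _state, pid, plen = head.groups()
            packets.append({"proto": proto, "dir": direction, "code": code,
                            "id": int(pid), "len": int(plen), "options": []})
            continue
        opt = OPTION.search(line)
        if opt and packets and packets[-1]["proto"] == opt.group(1):
            packets[-1]["options"].append(decode_option(opt.group(1), opt.group(3)))
    for p in packets:
        # "len" = 4 header bytes (code, id, 2-byte length) + all option bytes
        p["unaccounted"] = p["len"] - 4 - sum(o["length"] for o in p["options"])
    return packets


def agreed_auth(packets):
    """Method this router accepted: AuthProto inside an LCP CONFACK it sent (O)."""
    for p in packets:
        if (p["proto"], p["dir"], p["code"]) == ("LCP", "O", "CONFACK"):
            for o in p["options"]:
                if o["name"] == "AuthProto":
                    return o["value"]
    return None


def review(packets):
    """Defender-side notes on a parsed negotiation."""
    notes = []
    auth = agreed_auth(packets)
    if auth is None:
        notes.append("no authentication was negotiated towards the peer")
    elif auth.startswith("PAP"):
        notes.append("PAP agreed: username and password cross the link in cleartext")
    for p in packets:
        if p["unaccounted"]:
            notes.append(f'{p["proto"]} {p["code"]} id {p["id"]}: {p["unaccounted"]} '
                         "bytes not covered by the option lines (log trimmed or edited)")
    return notes


if __name__ == "__main__":
    print(agreed_auth(parse_negotiation(SAMPLE)), review(parse_negotiation(SAMPLE)))
```

The single note reported for the sample is the six bytes of the Address option that was left out of the excerpt.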
 

 

 

Resolve Cisco's %ENVMON-4-RTC

%ENVMON-4-RTC: The Real Time Clock may have battery problem or it has not been set to the current time


You may receive the above error message if the battery in a Cisco 1841 or similar router has been replaced or has gone flat.
Despite what the Cisco website says, the battery is user replaceable.
If you have replaced the battery, you can easily clear the error by setting the Real Time Clock again, which is powered by the battery.
 
Steps to resolve:
1. Update the clock, either by setting the time manually or by using NTP
Router#clock set 23:59:00 20 Jan 2000
 
2. Update current clock to internal Real Time Clock.  
Router#clock update-calendar

Extra Clock Options:
Router#clock ?
read-calendar Read the hardware calendar into the clock
set Set the time and date
update-calendar Update the hardware calendar from the clock
 

 

Trixbox Upgrade

I have finally got around to upgrading Trixbox onto a new low power consumption Intel Atom computer.
The old machine was an HP D510 desktop with an Intel P4 2GHz CPU and 512MB RAM. It ran Trixbox 2.6.2.2 flawlessly for the last two years or so. The machine drew about 70-80 watts of power, which was not really cost effective for the use the machine gets. Trixbox itself does not need much CPU grunt to get it running with a few extns hanging off it, so the Atom is the perfect fit.

The new parts:
1 x Intel BOXD525MW Motherboard, Intel NM10, 2xDDR3, VGA, Mini-ITX = $121.90
1 x Kingston KVR1066D3S8S7/2G, 1x2GB, DDR3-1066, PC3-8500, CL7, SODIMM = $21.51
Total $141.25 inc GST

The new machine is an Intel Desktop Board D525MW which has an Intel Atom D525 1.8GHz processor soldered on and relies on the NM10 Express Chipset. It has a fanless heat sink and is complete with Integrated Graphics, Gigabit Ethernet and a single PCI and PCI-E mini slot for any add-in cards. I disabled the on-board Audio in the BIOS since it will not be used with Trixbox.
2GB of Kingston DDR3-1066 RAM has been installed, which should be more than enough. I was pleasantly surprised how cheap the RAM was. I already had a spare Western Digital 120GB 3.5" drive to use. The new machine now uses around 30-40 watts of power.

Trixbox 2.8.0.4 installed OK; however, I was left with some challenges.

First off was trying to install the on-board Gigabit Ethernet NIC. For some reason Trixbox detected it as the wrong NIC (a Realtek R8169) instead of R8168B/8111B. Supposedly the later kernel versions resolve this issue.
I managed to get around this by temporarily installing a spare 3Com 10/100 PCI card to get the network running, then downloading the latest drivers and installing “Kernel-Devel” and “GCC” to get the drivers compiled and installed.

The second issue was getting my AX-100P Analogue FXO card working. I use this card as an email based answer phone for the analogue POTS line.
Previously on Trixbox 2.6 it used the Zaptel drivers; with Trixbox 2.8 this now uses DAHDI, which I hadn’t used before.
I managed to get the card configured automatically using the “dahdi_genconf” command and checking the channels were OK. When making some test calls the card would not automatically hang up the line after a message was left. After some more research and trial and error I found out that adding “busydetect=yes” and “busycount=5” into chan_dahdi.conf resolved these issues.

ToDo:
I have installed the mainboard in an old Mid Tower ATX case for now. I need to buy a smaller case for it when I get the chance. Something like a cube home theatre PC case. The only hassle with this is that the AX-100P Analogue FXO card has a full height PCI bracket on it.

Recommended Access Port configuration for Cisco Switches

Commonly, most network engineers will only put in the bare minimum configs (in blue) to get the network running. In reality this can cause disastrous problems for your network in the future.
If you are setting up new Cisco switch configs or rolling out updated ones, you might want to consider the below commands (in red) as part of your default template. These should be your minimum requirements; however, you may need to adjust them for your setup.

In the scenarios below I have used VLAN 10 for data and VLAN 11 for voice.

Scenarios:

Access Port with no Voice:
interface range FastEthernet0/1 - 24
 description DATA
 switchport mode access
 switchport access vlan 10
 no snmp trap link-status
 storm-control broadcast level 4.00
 storm-control multicast level 10.00
 storm-control action shutdown
 storm-control action trap
 spanning-tree portfast
 spanning-tree bpduguard enable

Standard Access Port with Cisco VoIP Phones:
interface range FastEthernet0/1 - 24
 description DATA+VOICE
 switchport mode access
 switchport access vlan 10
 switchport voice vlan 11
 no snmp trap link-status
 storm-control broadcast level 4.00
 storm-control multicast level 10.00
 storm-control action shutdown
 storm-control action trap
 auto qos voip cisco-phone
 spanning-tree portfast
 spanning-tree bpduguard enable

Standard Access Port with non Cisco VoIP Phones:
interface range FastEthernet0/1 - 24
 description DATA+VOICE
 switchport trunk native vlan 10
 switchport trunk allowed vlan 10,11
 switchport mode trunk
 no snmp trap link-status
 storm-control broadcast level 4.00
 storm-control multicast level 10.00
 storm-control action shutdown
 storm-control action trap
 auto qos voip trust
 ! On a trunk port PortFast only takes effect with the "trunk" keyword
 spanning-tree portfast trunk
 spanning-tree bpduguard enable


A brief description of the commands:

description
It’s always nice to have a meaningful description on an Interface especially if you have a team of Network Engineers who can’t be across every device plugged into the network. Access ports are easy and don’t generally need complicated descriptions. 

switchport mode access
Sets the port to access mode, where typically only one vlan is allowed to send and receive traffic.

switchport access vlan 10
When used with “switchport mode access” it configures the switch to the correct access vlan. In this case vlan 10 (Data Vlan)

switchport voice vlan 11
When used with “switchport mode access” and "switchport access vlan 10" it configures the switch to the correct voice vlan. In this case vlan 11 (Voice Vlan). The switch also tells the Cisco phone via CDP which voice vlan to use. In reality the port then becomes a trunk port when a cisco phone is plugged in. The voice (vlan 11) traffic becomes tagged while the data (vlan 10) traffic is still untagged.

switchport mode trunk
Hard sets the interface into trunking mode, where multiple vlans can traverse that interface.
If you happen to run non-Cisco phones you will need to set up your interfaces this way, as these phones won’t understand the CDP information sent out from the switch.
Note you may need to issue “switchport trunk encapsulation dot1q” before the command can be issued. This specifies which trunking protocol to use, in this case IEEE 802.1Q, which is the most commonly used.

switchport trunk native vlan 10
When used with “switchport mode trunk” it specifies which vlan has its traffic sent untagged when it exits the interface. In this case vlan 10 (data vlan).

switchport trunk allowed vlan 10,11
This command only allows the specified vlans to traverse the interface. You want to restrict the number of vlans going through the interface as much as possible, both to reduce the amount of broadcast traffic and for security purposes. I also recommend you do not allow vlan 1 to traverse trunks.

no snmp trap link-status
If you are using monitoring software which receives SNMP traps from your switches, I recommend using this command if you do not care about user/PC ports going up and down. This can reduce load on the switch CPU and avoid hundreds of events in your monitoring software. Remember not to put this command on your important uplinks etc.

storm-control broadcast level 4.00 (in per cent %)
storm-control multicast level 10.00 (in per cent %)
storm-control action shutdown
storm-control action trap
I recommend you apply some kind of broadcast and multicast control on your network access ports. This can help in the event of virus outbreaks etc. If running an application such as Ghostcast you will however need to avoid these commands.
With the “storm-control broadcast level 10” command used alone it will start dropping broadcasts at 10% and above.
With “storm-control action shutdown” configured, if the configured % values are reached the switch will automatically shut down the interface. You will then have to manually issue a “no shut” on the interface. You can also configure errdisable recovery to automatically bring the interface back up after a specified amount of time.
The “storm-control action trap” command will send a SNMP trap whenever the configured % value is reached.

auto qos voip cisco-phone
If you are running Cisco phones on your network this command can save a lot of the hassle of configuring all interfaces with the correct QoS settings. As a word of warning, some of the older IOS versions appear to not completely configure all the required settings and/or may need some adjustment afterwards. Please upgrade the IOS first and check that “priority-queue out” gets put into the interface config.

spanning-tree portfast
Highly recommended on Access Ports. This will bring an interface into the forwarding state almost instantly instead of the 30 seconds spanning-tree usually takes. Saves a lot of issues on Windows domain networks and with DHCP.

spanning-tree bpduguard enable
Another highly recommended command. If a switch detects a spanning-tree BPDU entering on the specified interface from another Cisco device it will automatically shut down the interface. This is a common situation where someone has plugged a non-authorised Cisco switch into the network or has tried to create a loop in the network. This allows the Network Admin to gain more control of how devices are plugged into the network. Errdisable recovery can be configured to bring the interface back up after a specified amount of time (say, if a cable was plugged in by mistake and this has been resolved).
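One way to check a switch against the template above, as an added example rather than code from the original post: the script parses interface stanzas from a saved configuration and lists which of the recommended commands each user-facing port lacks, plus the trunk VLAN restrictions described above. The sample configuration and all function names are constructed for illustration; uplinks are out of scope.

```python
import re

# Commands the template above puts on every user-facing port.
REQUIRED = (
    "storm-control broadcast level",
    "storm-control multicast level",
    "storm-control action",
    "spanning-tree portfast",
    "spanning-tree bpduguard enable",
)

# Constructed sample: one port following the template, one bare-minimum port,
# and one phone trunk that still lets VLAN 1 through.
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 description DATA+VOICE
 switchport mode access
 switchport access vlan 10
 switchport voice vlan 11
 storm-control broadcast level 4.00
 storm-control multicast level 10.00
 storm-control action shutdown
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/2
 switchport mode access
 switchport access vlan 10
!
interface FastEthernet0/3
 description non-Cisco phone
 switchport trunk native vlan 10
 switchport trunk allowed vlan 1,10-11
 switchport mode trunk
 storm-control broadcast level 4.00
 storm-control multicast level 10.00
 storm-control action trap
 spanning-tree portfast
 spanning-tree bpduguard enable
!
"""


def parse_interfaces(config):
    """Split IOS config text into {interface name: [sub-commands]}."""
    stanzas, current = {}, None
    for raw in config.splitlines():
        line = raw.rstrip()
        m = re.match(r"interface\s+(.+)", line)
        if m:
            current = stanzas.setdefault(m.group(1).strip(), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or any global command ends the stanza
    return stanzas


def expand_vlans(spec):
    """Turn an allowed-VLAN list such as '1,10-11' into a set of integers."""
    vlans = set()
    for part in spec.split(","):
        if part:
            lo, _, hi = part.partition("-")
            vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans


def audit_port(cmds):
    """Return the list of template items missing from one interface stanza."""
    findings = []
    trunk = "switchport mode trunk" in cmds
    if not trunk and "switchport mode access" not in cmds:
        findings.append("mode not hard set (no 'switchport mode access' or 'trunk')")
    for prefix in REQUIRED:
        if not any(c.startswith(prefix) and not c.endswith("disable") for c in cmds):
            findings.append(f"missing: {prefix}")
    if trunk:
        spec = next((c.rsplit(" ", 1)[1] for c in cmds
                     if re.fullmatch(r"switchport trunk allowed vlan [\d,-]+", c)), None)
        if spec is None:
            findings.append("trunk carries all VLANs (no allowed list)")
        elif 1 in expand_vlans(spec):
            findings.append("trunk allows VLAN 1")
    return findings


def audit(config):
    """Audit every interface stanza found in the configuration text."""
    return {name: audit_port(cmds) for name, cmds in parse_interfaces(config).items()}


if __name__ == "__main__":
    for name, findings in audit(SAMPLE_CONFIG).items():
        print(name, "OK" if not findings else findings)
```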

 

Chorus / Telecom Cabinetisation

Telecom have started to install Cabinets in our area to reduce the Local Loop distance. This is to increase ADSL and VDSL line speeds. We are not able to get reliable ADSL2+ in our area due to the distance to the Howick (HCK) Exchange. I have hard set the router to connect at itu-dmt (original ADSL) as it tries to connect at ADSL2+; however, the connection is flaky and drops out every hour or so.

According to the Chorus website we will be migrated to the new HCK/AF Cabinet around 7/12/2010.

This blog is to compare the before and after ADSL connection speeds. Hopefully we should get a major speed increase as the new cabinet will not be that far away. I will update this blog again once we have been cutover.


Edit: It's now post cabinetisation and we have now been upgraded. As you can see below we have had a vast improvement in speed. The line is stable, which also helps. It didn’t go without its dramas though. We lost Internet for just more than 24 hours because a DSLAM (the equipment in the cabinet) was misconfigured for my ISP. This website, Shelly Park weather station and my emails went down. The router could receive the ADSL carrier and show the new line rate; however, it would not establish a PPP connection. Thanks to Maxnet who kept the pressure on Telecom to get the issue resolved.


Below is a dump from our Cisco 877 ADSL2+ capable router (BEFORE):

As you can see, the router connects at 5600 kbps download and 832 kbps upload.

sh dsl int atm 0
ATM0
Alcatel 20190 chipset information
                 ATU-R (DS)                      ATU-C (US)
Modem Status:    Showtime (DMTDSL_SHOWTIME)
DSL Mode:        ITU G.992.1 (G.DMT) Annex A
ITU STD NUM:     0x01                            0x1
Vendor ID:       'STMI'                          'BDCM'
Vendor Specific: 0x0000                          0x9191
Vendor Country:  0x0F                            0xB5
Chip ID:         C196 (0)
DFE BOM:         DFE3.0 Annex A (1)
Capacity Used:   98%                             98%
Noise Margin:    10.5 dB                         13.0 dB
Output Power:    18.5 dBm                        12.5 dBm
Attenuation:     48.0 dB                         28.5 dB
FEC ES Errors:    0                               0
ES Errors:       109                              6
SES Errors:       0                               0
LOSES Errors:     0                               0
UES Errors:       0                               0
Defect Status:   None                            None
Last Fail Code:  None
Watchdog Counter: 0x73
Watchdog Resets: 1
Selftest Result: 0x00
Subfunction:     0x00
Interrupts:      15337 (0 spurious)
PHY Access Err:  0
Activations:     2
LED Status:      ON
LED On Time:     100
LED Off Time:    100
Init FW:         init_AMR-3.0.014_no_bist.bin
Operation FW:    AMR-3.0.014.bin
FW Source:       embedded
FW Version:      3.0.14
 --More--        
                 Interleave             Fast    Interleave              Fast
Speed (kbps):          5600                0           832                 0
Cells:             20833721                0     509738780                 0
Reed-Solomon EC:      58897                0           203                 2
CRC Errors:             195                0             4                 1
Header Errors:          177                0             3                 2
Total BER:                 2033E-10                       0E-0
Leakage Average BER:       1094E-12                       0E-0
                           ATU-R (DS)                     ATU-C (US)
Bitswap:                   enabled                        enabled
Bitswap success:           0                              0
Bitswap failure:           0                              0
LOM Monitoring : Disabled
 

Below is a dump from our Cisco 877 ADSL2+ capable router (AFTER):

sh dsl int atm 0
ATM0
Alcatel 20190 chipset information
                ATU-R (DS)                      ATU-C (US)
Modem Status:    Showtime (DMTDSL_SHOWTIME)
DSL Mode:        ITU G.992.5 (ADSL2+) Annex A
ITU STD NUM:     0x03                            0x2
Chip Vendor ID:  'STMI'                          'IKNS'
Chip Vendor Specific:  0x0000                    0x0000
Chip Vendor Country:   0x0F                      0xB5
Modem Vendor ID: 'CSCO'                          '    '
Modem Vendor Specific: 0x0000                    0x0000
Modem Vendor Country:  0xB5                      0x00
Serial Number Near:    FHK095120DF
Serial Number Far:
Modem VerChip ID:        C196 (0)
DFE BOM:         DFE3.0 Annex A (1)
Capacity Used:   100%                            100%
Noise Margin:    12.0 dB                         12.0 dB
Output Power:    20.0 dBm                        12.5 dBm
Attenuation:      9.0 dB                          5.0 dB
FEC ES Errors:    0                               0
ES Errors:        1                               0
SES Errors:       1                               0
LOSES Errors:     1                               0
UES Errors:       0                               0
Defect Status:   None                            None
Last Fail Code:  None
Watchdog Counter: 0x0F
Watchdog Resets: 0
Selftest Result: 0x00
Subfunction:     0x00
Interrupts:      6113 (0 spurious)
PHY Access Err:  0
Activations:     1
LED Status:      ON
LED On Time:     100
LED Off Time:    100
Init FW:         init_AMR-3.0.014_no_bist.bin
Operation FW:    AMR-3.0.014.bin
FW Source:       embedded
FW Version:      3.0.14

                 DS Channel1      DS Channel0   US Channel1       US Channel0
Speed (kbps):             0            17425             0               828
Cells:                    0          8114755             0           8489229
Reed-Solomon EC:          0                0             0                 0
CRC Errors:               0               62             0                 0
Header Errors:            0               25             0                 0
Total BER:                0E-0           3356E-11
Leakage Average BER:      0E-0           3177E-11
Interleave Delay:         0                1             0                54
                        ATU-R (DS)      ATU-C (US)
Bitswap:               enabled            enabled
Bitswap success:          0                   0
Bitswap failure:          0                   0

LOM Monitoring : Disabled

How to Recalibrate an APC UPS

If you are finding the run time on an APC UPS is not as good as it could be, or you have installed new batteries, it is time to do a recalibration.
 
It’s quite an easy thing to do and it should not cause disruption to your powered equipment.
 
First of all you need the correct serial cable to connect to the UPS. They are usually black RS-232 serial cables with the Part Number 940-0024C. If you don’t have one of these cables you can easily make one if you are electronically minded. There are pinouts available on the internet.
 
Connect the UPS via serial cable to a machine that has a terminal client installed. This can be HyperTerminal or TeraTerm. In this case I’m using TeraTerm. Open the software. A new connection window will appear; select “Serial” and choose which port you want to use. Click “OK”.
 
Now we need to change the Baud rate from the default 9600 to 2400. To do this go into “Setup” select “Serial Port” and change the “Baud Rate”, Click “OK” and you should be ready.
 
To make the UPS talk in “Smart Mode” and before anything will work enter a capital Y. The UPS should return SM.
 
If you want to check the Power Load enter in capital P and it will show the load in % of the UPS VA rating.
To check Battery Levels enter in lower case f (see screenshot – in this case 32.5% load and 48% battery charge)
 
 
The batteries need to be charged to 100% before the test will start.
 
To start the test enter a capital D
 
The UPS will then run on battery till around 25% battery remaining. This can take time depending on which batteries you have installed and the load. The beeping will drive you mad. It will then switch back to mains power. You should load the UPS to around 30 to 40%. If you wish to cancel the calibration you can hit D again at any time and it will revert to mains power.
 
I would recommend doing this calibration every 6 – 12 months. Don’t do it any sooner than this, as deep cycling the batteries does reduce their life. A load of less than 40% does not put as much stress on the batteries. You can sometimes hear the gases escaping the batteries during a discharge cycle.
 