CategoryCisco

Cellular backup (again) via Google’s Project Fi, a Cisco 3825 and an HWIC-3G-GSM

I get really poor signal with TMo and Sprint in my area, but I am using Project Fi for my cellular service. I figured I’d grab one of their free SIMs and put my HWIC-3G-GSM back in service. Unfortunately.. I get really poor signal. Like -102dB RSSI! I’m going to have to see if I can get a cheap TNC antenna with a cord long enough to put it outside; for some reason I can get good signal according to my Nexus 5X — even getting LTE just by stepping outside.

For now I figured I’d get the basic configuration done. Even with little to go by it was fairly easy to setup — especially as most cell carriers don’t have PAP/CHAP authentication.


router(config)#
chat-script gsm "" "ATDT*99#" TIMEOUT 30 CONNECT
!
interface Cellular0/0/0
 description Project Fi - TMobile
 ip address negotiated
 ip nat outside
 ip virtual-reassembly in
 encapsulation ppp
 dialer in-band
 dialer idle-timeout 360 either
 dialer string GSM
 dialer-group 1
 async mode interactive
 ppp chap hostname h2g2
 ppp chap password 0 ""
 ppp ipcp dns request
!
ip nat inside source list 1 interface Cellular0/0/0 overload
ip route 0.0.0.0 0.0.0.0 Cellular0/0/0
!
access-list 1 permit any
dialer-list 1 protocol ip list 1
!
line 0/0/0
 script dialer GSM
 modem InOut
 no exec
 rxspeed 3600000
 txspeed 384000
!
^Z


router#cellular 0/0/0 gsm profile create 1 h2g2 

Note that you can also pass authentication information in the GSM profile creation; however that isn’t needed for Project Fi.

This was a basic test just to see if I could get connectivity, I’m going to use it as an alternate route to the big cloud that is the internet in the event that I really need access and Time Warner Cable has let me down by abusing maintenance windows daily — as seems to be the case lately!

So far I’ve run into issues; I’d disconnect from the network and not be able to reconnect. Sometimes a modem power-cycle fixes this. I decided to upgrade the crusty old firmware to something slightly less crusty (note: I hate Sierra Wireless modems) — Cisco says “not for use in the US,” however it IS listed for the MC8775 modem on my HWIC and I know people have used it for the same modem in ThinkPads (trusty T61/T61p!) in the US. I couldn’t get it through Cisco as you need a support contract for Sierra Wireless firmware, oddly enough. I was able to find it online, you’d be looking for version 2.0.8.19 — generally named 8775_h2_0_8_19.tar. This of course will depend on the modem in your HWIC as they didn’t all come with MC8775s.

Check your hardware! It’s easy enough to see what modem is on your HWIC even if you don’t want to physically pull it to check it:

cell.wan#sh controllers cellular 0/0/0
Interface Cellular0/0/0
HSDPA/UMTS/EDGE/GPRS-850/900/1800/1900/2100MHz unit 0, 
HWIC cellular modem configuration:
---------------------------
Modem is recognized as valid for this HWIC
manufacture id: 0x00001199 product id: 0x00006812
Sierra Wireless MC8775 UMTS modem.
GPS State: GPS disabled

Pre-upgrade:

cell.wan#sh cell 0/0/0 hardware
Modem Firmware Version = H1_1_8_3MCAP C:/WS/F
Modem Firmware built = 03/08/07
Hardware Version = 1.0
International Mobile Subscriber Identity (IMSI) = NUMBERSHERE
International Mobile Equipment Identity (IMEI) = NUMBERSHERE
Integrated Circuit Card ID (ICCID) = NUMBERSHERE
Mobile Subscriber International Subscriber
IDentity Number (MSISDN) = NUMBERSHERE
Factory Serial Number (FSN) = NUMBERSHERE
Modem Status = Low Power Mode
Current Modem Temperature = 23 deg C, State = Normal
PRI SKU ID = 0, SKU Rev. = 20.0

Upgrade process:

cell.wan#microcode reload cellular 0 0 gsm modem-provision
Reload microcode? [confirm]
Log status of firmware download in router flash?[confirm]
Firmware download status will be logged in flash:fwlogfile
Microcode Reload Process launched for hwic slot=0; hw type=0x51E
cell.wan#
*****************************************************
 The interface will be Shut Down for Firmware Upgrade 
 This will terminate any active data connections.
 Do not make any config changes related to the interface.
*****************************************************
Modem radio has been turned off
*****************************************************
 Modem will be upgraded!
 Upgrade process will take up to 15 minutes. During 
 this time the modem will be unusable.
 Please do not remove power or reload the router during 
 the upgrade process.
*****************************************************
backing up NV data..Could take up to 3 minutes
*Aug 23 10:18:06.423: %LINK-5-CHANGED: Interface Cellular0/0/0, changed state to administratively down++++++++++++++++++++++++++++++
Prepare modem for downloading boot image.
Begin boot image download
Firmware [size:234279 bytes] will be downloaded in 228 segments
Sync indication Successful
Sync indication Successful
***** Boot File Upgrade OK *****
******************************************
The firmware file will be copied in blocks 
from Compact Flash. Please DO NOT remove 
Compact Flash during Upgrade Process. Doing 
so will cause download failure and leave 
modem in unusable state
*******************************************
Begin application image download
Firmware [size:13393280 bytes] will be downloaded in 13129 segments
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Sync indication Successful
Sync indication Successful
***** Application Firmware Upgrade OK *****
Modem Upgrade OK
*Aug 23 10:25:30.179: %CELLWAN-2-MODEM_DOWN: Modem in HWIC slot 0/0 is DOWN
*Aug 23 10:25:46.963: %CELLWAN-2-MODEM_UP: Modem in HWIC slot 0/0 is now UP
*Aug 23 10:25:46.963: %CELLWAN-2-MODEM_DOWN: Modem in HWIC slot 0/0 is DOWN
*Aug 23 10:26:00.191: %CELLWAN-2-MODEM_UP: Modem in HWIC slot 0/0 is now UP
Modem radio has been turned on
*Aug 23 10:26:44.587: %LINK-3-UPDOWN: Interface Cellular0/0/0, changed state to down

Post-upgrade:

cell.wan#sh cellular 0/0/0 hardware
Modem Firmware Version = H2_0_8_19MCAP G:/WS/
Modem Firmware built = 08/29/08
Hardware Version = 1.0
International Mobile Subscriber Identity (IMSI) = NUMBERSHERE
International Mobile Equipment Identity (IMEI) = NUMBERSHERE
Integrated Circuit Card ID (ICCID) = NUMBERSHERE
Mobile Subscriber International Subscriber
IDentity Number (MSISDN) = NUMBERSHERE
Factory Serial Number (FSN) = NUMBERSHERE
Modem Status = Online
Current Modem Temperature = 27 deg C, State = Normal
PRI SKU ID = 9991803, SKU Rev. = 1.3

The 2.0.8 line increases the HSDPA downlink speed from 3.6mbit/s to 7.2mbit/s (assuming your signal is acceptable, of course). I’m just hoping it stabilizes my connection and I don’t have to do any actual debugging! After installing the firmware update I had no problems bringing a connection up. So far it seems “more stable,” but only time will tell if it randomly drops. It also gives more information from “show cellular 0/0/0” ..

Once I get an antenna and (hopefully) better signal so I can maintain “usable,” speeds for basic browsing I’ll throw it in the routing table. For now, it can sit to the side as a novelty.

Rearranging The Intranet of Things Part II

I’m sure there will be a lot more posts like this to come. I had formerly moved the edge router to the ‘closet’ (aka the garage, right next to the cable modem and 3560-24PS sitting there) and added another router there to have a routed gig port into my ‘office’ (aka my bedroom with a couple desks).

Today I replaced both routers with a single 7206VXR with an NPE-G1. I had it all configured and everything should’ve worked off the bat, but it didn’t — not exactly, anyway. The routing was perfect, the NAT was great. But I only have a VAM card which doesn’t work with 15.x (only VAM2 cards work with new code), and I didn’t want it doing VPN in software.

So I decided to keep the old WAN router as VPN-only duty. I briefly considered using a 1760 with a VPN module (I have a few), but when I finally get to having decent internet speeds it would choke. The 3825 has an EPII+ card on top of the onboard hardware engine, so it should at the least have no issue keeping up with my internet connection with weak Triple-DES. The only issue is when I went to forward UDP 4500 from the edge router to the VPN router I got:

% Port 4500 is being used by system

I was able to successfully forward ports UDP 500 and ESP, but here I got stumped. I verified there was no crypto config, I tried clearing crypto stuff, I tried disabling software crypto — all with no luck. Googling didn’t give me much to go on, but I finally ran into something showing this error as an IOS-XE bug for 15.2(4)S2 –and I was running 15.2(4)S3 (pure IOS, but basically the same), so being out of options and ideas I decided to just install 15.2(4)M7 and Voila! Problem solved!

Two routers replaced with — two routers, maybe that doesn’t sound very good, but it will allow me to do more at the edge with more ports available directly on the router instead of playing with switches and VLANs/VRFs.

And in case you want to see how my network is physically wired — and this is somewhat simplified, here you are!

Network Diagram

Simplified Network Diagram – 01/01/15

Rearranging The Intranet of Things

So after dealing with a bunch of random dd-wrt based access points I decided to grab some LAP1142Ns off of eBay. I set up a vWLC on the VM machine, and was able to get it going fairly quickly even with no knowledge of Cisco Wireless technology.

So far my throughput is only slightly increased even after moving to 5GHz and having a 3×3 MIMO radio in my laptop.

I added a real router for the upstairs network (3825), and a gig link from the ‘closet’ to my office/workstations. Some of the interconnects in the lab are temporarily dual 100MBit load balanced via EIGRP to alleviate some of the bottlenecks. The LAP1142Ns are limited to 100mbit due to a 3560-24PS being the only POE switch I have, but I never see more than about 60mbit of throughput over wireless, and the port never exceeds 70mbit — so until I get that sorted out it’s not a limitation.

To get more gig links in my ‘office’ (aka my bedroom) I trunked a cheap Dell 5224 to a 3550-12G, replacing the 3550-12T that was formerly there. I wish I could afford newer Cisco gig switches my budget is basically non-existent.

I still need a total network redesign, my routing table is almost laughable:

dswr1.core#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
 D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
 N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
 E1 - OSPF external type 1, E2 - OSPF external type 2
 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
 ia - IS-IS inter area, * - candidate default, U - per-user static route
 o - ODR, P - periodic downloaded static route

Gateway of last resort is 172.16.5.6 to network 0.0.0.0

D 192.168.30.0/24 [90/28928] via 10.255.1.6, 22:58:10, FastEthernet0/16
 [90/28928] via 10.255.1.2, 22:58:10, FastEthernet0/14
 172.17.0.0/16 is variably subnetted, 6 subnets, 2 masks
D 172.17.0.48/28 [90/28672] via 10.255.1.6, 1d00h, FastEthernet0/16
 [90/28672] via 10.255.1.2, 1d00h, FastEthernet0/14
D 172.17.0.32/28 [90/28672] via 10.255.1.6, 1d00h, FastEthernet0/16
 [90/28672] via 10.255.1.2, 1d00h, FastEthernet0/14
D 172.17.0.16/28 [90/28672] via 10.255.1.6, 1d00h, FastEthernet0/16
 [90/28672] via 10.255.1.2, 1d00h, FastEthernet0/14
D 172.17.0.0/28 [90/28672] via 10.255.1.6, 1d00h, FastEthernet0/16
 [90/28672] via 10.255.1.2, 1d00h, FastEthernet0/14
D 172.17.0.72/29 [90/28672] via 10.255.1.6, 1d00h, FastEthernet0/16
 [90/28672] via 10.255.1.2, 1d00h, FastEthernet0/14
D 172.17.0.64/29 [90/28672] via 10.255.1.6, 1d00h, FastEthernet0/16
 [90/28672] via 10.255.1.2, 1d00h, FastEthernet0/14
 172.16.0.0/16 is variably subnetted, 7 subnets, 4 masks
C 172.16.255.0/28 is directly connected, Vlan601
D 172.16.2.8/30 [90/28416] via 10.255.1.6, 1d00h, FastEthernet0/16
 [90/28416] via 10.255.1.2, 1d00h, FastEthernet0/14
D 172.16.2.4/30 [90/28672] via 10.255.1.6, 22:58:18, FastEthernet0/16
 [90/28672] via 10.255.1.2, 22:58:18, FastEthernet0/14
C 172.16.5.4/30 is directly connected, FastEthernet0/24
D 172.16.3.2/32 [90/156672] via 10.255.1.6, 22:58:14, FastEthernet0/16
 [90/156672] via 10.255.1.2, 22:58:14, FastEthernet0/14
D 172.16.1.0/24 [90/28672] via 10.255.1.6, 1d00h, FastEthernet0/16
 [90/28672] via 10.255.1.2, 1d00h, FastEthernet0/14
D 172.16.3.1/32 [90/156160] via 172.16.5.6, 10:49:53, FastEthernet0/24
 172.18.0.0/28 is subnetted, 1 subnets
D 172.18.0.0 [90/28672] via 10.255.1.6, 1d00h, FastEthernet0/16
 [90/28672] via 10.255.1.2, 1d00h, FastEthernet0/14
D 192.168.99.0/24 [90/28928] via 10.255.1.6, 03:03:00, FastEthernet0/16
 [90/28928] via 10.255.1.2, 03:03:00, FastEthernet0/14
 10.0.0.0/30 is subnetted, 2 subnets
C 10.255.1.4 is directly connected, FastEthernet0/16
C 10.255.1.0 is directly connected, FastEthernet0/14
D 192.168.0.0/24 [90/30720] via 172.16.5.6, 10:49:54, FastEthernet0/24
D 192.168.100.0/24 [90/28672] via 10.255.1.6, 1d00h, FastEthernet0/16
 [90/28672] via 10.255.1.2, 1d00h, FastEthernet0/14
C 192.168.101.0/24 is directly connected, Vlan400
D*EX 0.0.0.0/0 [170/30720] via 172.16.5.6, 10:49:54, FastEthernet0/24

A lot of bit of nothing

As it sometimes happens personal stuff has taken hold of my life and stopped me from doing anything major with anything technology related. I decided that I should pick a little project to pick up some new skills, so I’ll be setting up Cisco’s AIR-CTVM Wireless controller along with a couple LAP-1142Ns 802.11n (draft) access points that I picked up off of eBay to get rid of the DD-WRT APs which haven’t been entirely cooperative. For example, the Netgear WNR834B v2 will only use the base channel assigned with the second channel being two channels above it (currently channels 6 and 8) which is clearly not optimal for throughput.

I’m going to be rearranging my home network to segment it a bit more and do some more with routing. I want to keep the LAPs running off the 3560-24PS with PoE power instead of powering them with external bricks, so unfortunately each AP will be limited to 100mbit of throughput — that’s actually still better than what I get now over the 2.4GHz N AP, so it’ll still be a usable throughput improvement.

I’ll also be able to actually do some L3 segmenting instead of needing to share a VLAN across physical boundaries for the ‘dumb’ AP bridges currently in place.

I’ve been doing some work on IP management software, and while a lot of the back-end functionality is currently there for calculation, I’d like to rewrite some of it for speed. There are parts that are written strictly for readability using strings instead of bit compares, and they’re much slower than I’d like them to be for large address spaces. I should have something interesting to show if I can manage to put a little more time into it.

VM Host, IOS XRv, CSR1000V

I’m trying to get some IOS-XR and IOS-XE VMs machines up. Mostly to play with some of the IOS-XR configurations. After playing around with some Linux networking stuff that I haven’t done in a while I was finally able to get the 801.q trunks through both the Linux bridge and individual VLANs elsewhere. The preconfigured ebtables and iptables rules in Fedora 20 are really annoying, I’ve always preferred to start with Slackware and a blank slate.

So far I have one IOS-XR instance up running successfully and traffic is now normal after I had some weird inter-bridge traffic caused by qemu-kvm.

Ah — the other thing, instead of everyone’s standard VMWare setups, I of course am sticking to my familiar virtualization technologies and running qemu-kvm with all my standard Linux tools. Unfortunately with just a low power dual core AMD E350 and 8GB of RAM at the moment I won’t be running too many instances as XR/XE are really RAM heavy.

Thankfully I’ve kept a separate VLAN and VRF setup on every device for management only so I can (usually) get back into boxes if I break their config without rummaging around for a console cable and USB to RS232 adapter. I really need a 16 port serial card.

So I’m looking at probably 8 XRv instances and 4 XE instances to play with — unfortunately they have to suffer through a 2mbit rate limit so I can’t really use them in my network.. and they are sadly ridiculously resource heavy. But they’ll be fine to learn some of the IOS-XR stuff on, I suppose.

© 2017 Musings

Theme by Anders NorenUp ↑