Out of Band Management Through USB Modem

Effective Cisco IOS XE Release 3.15.0S, the Cisco ASR 920 Series Router provides out-of-band connectivity to manage remotely-deployed cell site routers using the 3G or 4G cellular network through the USB modem (also called the dongle). This OOB connectivity gives the service providers the ability to securely manage their remote cell site routers at anytime from anywhere. This feature also eliminates the need for the onsite or remote IT staff to handle outages.

Out of Band Management feature is not supported in Cisco IOS XE Everest 16.5.1.

Prerequisites for the OOB Management Through USB Modem

  • The Local Mobility Anchor (LMA) must be a Cisco ASR 1000 Series Router.
  • The Mobile Access Gateway (MAG) must be the Cisco ASR 920 Series Router (ASR-920-12CZ-A/D, ASR-920-4SZ-A/D, or ASR 920-10SZ-PD).
  • The dongle can be inserted only in the USB Memory port of the Cisco ASR 920 Series Router.

Restrictions for the OOB Management Through USB Modem

For Cisco IOS-XE Release 3.15.0S:

  • Multi-VRF is not supported on the Cisco ASR 1000 Series Router.
  • Only UDP PMIPv6 tunnels are supported between the LMA and MAG.
  • Only the following dongle are supported:
    • Reliance (ZTE: model- AC2739)
    • Airtel 4G (Huawei: model-E3272)
    • TATA DoCoMo (ZTE: model-MF190)
  • OOB Management using USB Modem works only when the advancemetroipaccess license is enabled.

  • Starting from Cisco IOS-XE 3.15.0S release, you cannot configure or remove an virtual interface, virtualPPP-4001, manually.

Information About the OOB Management Through USB Modem

Figure 1. Sample Topology for OOB Management

Note
By default, the management interface remains in administratively down state until the dongle in inserted and the feature is enabled.

In the above topology, the LMA assigns an IP address to the LMN. The USB modem receives its IP address from the Service Provider. A UDP tunnel is established between the LMA and MAG through the proxy mobile IPv6 (PMIPv6) protocol.

  • Proxy Mobile IPv6 technology—Provides network-based IP mobility management to a mobile node without requiring the participation of the mobile node in any mobility-related signaling. The network is responsible for managing IP mobility on behalf of the host.
  • MAG—Manages mobility-related signaling for a mobile node attached to its access link. It is the first layer 3 attachment node for the mobile clients.

The major functions of MAG are:

    • Assigning an IP address to the loopback address given by the LMA (when LMA assigns an IP address dynamically)
    • Assigning an IP address to the loopback address and sending an update to LMA (in case of static IP address)
    • Tunneling the traffic to the corresponding LMA.
  • LMA—is the topological anchor point for the MAG

The LMA is responsible for assigning addresses to MAG and managing it.

In Cisco IOS-XE 3.15.0S, LMA is hosted on the Cisco ASR1000 Series Router.

Configuring the Management Interface on the MAG

Procedure

  Command or Action Purpose
Step 1

platform usb modem username password

Enables the dongle on the MAG.

The username and password are the mobile numbers of the dongle (without the zero prefix).

Step 2

interface loopback loopback-id

Creates an interface loopback.

Step 3

ip route prefix mask {ip-address } virtualPPP-4001

Creates a route to reach the LMA through the dongle interface (virtual pp interface).

Step 4

exit

Exits the interface.

Step 5

ipv6 unicast-routing

Enables IPv6 routing.

Step 6

ipv6 mobile pmipv6-domain domain-name

Configures common parameters valid across the domain—a logical grouping of the MAG and LMA.

Creates a PMIPv6 domain and configures it by using the configuration from the LMA

Step 7

encap udptunne l

Configures the UDP tunnel encapsulation between the Mobile Access Gateway (MAG) and the Local Mobility Anchor (LMA).

Step 8

lma lma-id

Configures an LMA within the PMIPv6 domain and enters PMIPv6 domain LMA configuration mode.

Step 9

ipv4-address ip-address

Configures an IPv4 address for the LMA within the PMIPv6 domain.

Step 10

exit

Exits the interface

Step 11

nai user@realm

Configures a network access identifier (NAI) for the mobile node (MN) within the PMIPv6 domain and enters PMIPv6 domain mobile node configuration mode.

Step 12

lma lma-id

Configures an LMA for the MN.

Step 13

ipv6 mobile pmipv6-mag mag-id domain domain-name

Enables the MAG service on the dongle, configures the PMIPv6 domain for the MAG, and enters MAG configuration mode.

Step 14

address {ipv4 ipv4-address | ipv6 ipv6-address | dynamic}

Configures an IPv4, an IPv6, or dynamic address for a MAG or to configure an IPv4 or an IPv6 address on an LMA.

Step 15

roaming interface type number priority priority-value egress-att access-tech-type label egress-label

Specifies an interface as a roaming interface for a Mobile Access Gateway (MAG) and set its parameters

Step 16

interface loopback loopback-id

Creates an interface loopback.

Step 17

interface GigabitEthernet slot/subslot

The local routing ACL’s are not populated, which affects the locally generated/destined data packets. This command ensures the issue does not arise.

Step 18

lma lma-id domain-name

Configures the LMA for the MAG and enters MAG-LMA configuration mode.

Step 19

ipv4-address ipv4-address

Configures the IPv4 address for the LMA within MAG, for the MAG with LMA, or for the LMA or MAG within the Proxy Mobile IPv6 (PMIPv6) domain.

Step 20

auth-option spi {spi-hex-value | decimal spi-decimal-value } key {ascii ascii-string | hex hex-string }

Configures authentication for the PMIPv6 domain.

Note 
This authentication should match that at the LMA side, otherwise the UDP tunnel will not be established.
Step 21

logical-mn network-access-identifier

Enables the mobile router functionality in MAG.

Step 22

address {ipv4 ipv4-address | ipv6 ipv6-address | dynamic }

Configures an IPv4, an IPv6, or dynamic address for a MAG or LMA.

Step 23

home interface type

Enables the MAG service on the specified interface.

Configuration Example: MAG Configuration with Dynamic IP Address on Logical MN Interface 


Router(config)# platform usb modem 1234567890
 1234567890
Router(config)# interface loopback 1
Router(config-if)# exit
Router(config)# ipv6 unicast-routing
Router(config)# ip route 0.0.0.0 0.0.0.0 Virtual-PPP4001
Router(config)# ipv6 mobile pmipv6-domain D1
Router(config-ipv6-pmipv6-domain)# encap udptunnel
Router(config-ipv6-pmipv6-domain)# lma LMA1
Router(config-ipv6-pmipv6-domain-lma)# ipv4-address 173.39.88.101
Router(config-ipv6-pmipv6-domain-lma)# exit
Router(config-ipv6-pmipv6-domain)# nai MN5@cisco.com
Router(config-ipv6-pmipv6-domain-mn)# lma LMA1
Router(config-ipv6-pmipv6-domain-mn)# exit
Router(config-ipv6-pmipv6-domain)# ipv6 mobile pmipv6-mag M1 domain D1
Router(config-ipv6-pmipv6-mag)# address dynamic
Router(config-ipv6-pmipv6mag-addr-dyn)# roaming interface Virtual-PPP4001 priority 1 egress-att 3g label etyr
Router(config-ipv6-pmipv6mag-addr-dyn)# interface loopback1
Router(config-ipv6-pmipv6mag-intf)# interface GigabitEthernet0/0/1
Router(config-ipv6-pmipv6mag-intf)# lma LMA1 D1
Router(config-ipv6-pmipv6mag-lma)# ipv4-address 173.39.88.101
Router(config-ipv6-pmipv6mag-lma)# auth-option spi 67 key ascii key1
Router(config-ipv6-pmipv6mag-lma)# logical-mn MN5@cisco.com
Router(config-ipv6-pmipv6mag-logicalmn)# address dynamic
Router(config-ipv6-pmipv6mag-logicalmn)# home interface loopback1

Configuration Example: MAG Configuration with Static IP Address on Logical MN Interface 


Router(config)# platform usb modem 1234567890
 1234567890
Router(config)# interface loopback 1
Router(config-if)# ip address 10.10.10.1 255.255.255.0
Router(config-if)# exit
Router(config)# ipv6 unicast-routing
Router(config)# ip route 0.0.0.0 0.0.0.0 Virtual-PPP4001
Router(config)# ipv6 mobile pmipv6-domain D1
Router(config-ipv6-pmipv6-domain)# encap udptunnel
Router(config-ipv6-pmipv6-domain)# lma LMA1
Router(config-ipv6-pmipv6-domain-lma)# ipv4-address 173.39.88.101
Router(config-ipv6-pmipv6-domain-lma)# exit
Router(config-ipv6-pmipv6-domain)# nai MN5@cisco.com
Router(config-ipv6-pmipv6-domain-mn)# lma LMA1
Router(config-ipv6-pmipv6-domain-mn)# exit
Router(config-ipv6-pmipv6-domain)# ipv6 mobile pmipv6-mag M1 domain D1
Router(config-ipv6-pmipv6-mag)# address dynamic
Router(config-ipv6-pmipv6mag-addr-dyn)# roaming interface Virtual-PPP4001 priority 1 egress-att 3g label etyr
Router(config-ipv6-pmipv6mag-addr-dyn)# interface loopback1
Router(config-ipv6-pmipv6mag-intf)# interface GigabitEthernet0/0/1
Router(config-ipv6-pmipv6mag-intf)# lma LMA1 D1
Router(config-ipv6-pmipv6mag-lma)# ipv4-address 173.39.88.101
Router(config-ipv6-pmipv6mag-lma)# auth-option spi 67 key ascii key1
Router(config-ipv6-pmipv6mag-lma)# logical-mn MN5@cisco.com
Router(config-ipv6-pmipv6-mag-logicalmn)# home interface loopback1

Configuring the LMA

Procedure

  Command or Action Purpose
Step 1

ip local pool pool-name low-ip-address high-ip-address

Configures a pool of IP addresses from which the LMA assigns an IP address to the MAG.

Step 2

ipv6 mobile pmipv6-domain domain-name

Creates a PMIPv6 domain.

Step 3

auth-option spi {spi-hex-value | decimal spi-decimal-value } key {ascii ascii-string | hex hex-string }

Configures authentication for the PMIPv6 domain.

Note 
This authentication should match that at the MAG side, otherwise the UDP tunnel will not be established.
Step 4

encap udptunne l

Configures the UDP tunnel encapsulation between the Mobile Access Gateway (MAG) and the Local Mobility Anchor (LMA).

Step 5

nai user@realm

Configures a network access identifier (NAI) for the mobile node (MN) within the PMIPv6 domain and enters PMIPv6 domain mobile node configuration mode.

Note 
Multiple MAGs can be added in the LMA.
Step 6

network network-name

Associates a network, to which an IPv4 or IPv6 pool can be configured, with an LMA.

Step 7

ipv6 mobile pmipv6-lma lma-id domain domain-name [force ]

Enables the LM) service on the router and configures the Proxy Mobile IPv6 (PMIPv6) domain for the LMA.

Step 8

address ipv4 ipv4-address | ipv6 ipv6-address | dynamic }

Configures an IPv4, an IPv6, or dynamic address for a MAG or LMA.

Step 9

dynamic mag learning

Enables the LMA to accept PMIPv6 signaling messages from any MAG that is not locally configured.

Step 10

network network-name

Associates a network, to which an IPv4 or IPv6 pool can be configured, with an LMA.

Step 11

pool ipv4 name pfxlen length

Specifies the name of the IPv4 address pool, from which a home address is allocated to a mobile node (MN), in the LMA.

Step 12

ip route prefix mask interface-name

Creates a route to reach the MAG through the dongle interface.

Step 13

exit

Exits the interface.

Configuration Example


ip local pool v4pool 10.10.10.0 10.10.10.254
!
ipv6 mobile pmipv6-domain D1
 auth-option spi 64 key ascii 100
 encap udptunnel
 nai MN5@cisco.com
  network net1
ipv6 mobile pmipv6-lma LMA1 domain D1
 address ipv4 173.39.88.101
 dynamic mag learning
 network net1
  pool ipv4 v4pool pfxlen 24
!
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/2	 
exit

Verifying the Configuration

MAG Call Setup

On the MAG: 


ASR920-MAG# show ipv6 mobile pmipv6 mag binding
Total number of bindings: 1
----------------------------------------
[Binding][MN]: Domain: D1, Nai: MN5@cisco.com
        [Binding][MN]: State: ACTIVE
        [Binding][MN]: Interface: Loopback1
        [Binding][MN]: Hoa: 10.10.10.1, Att: 4, llid: MN5@cisco.com
        [Binding][MN]: HNP: 0
        [Binding][MN][LMA]: Id: LMA1
        [Binding][MN][LMA]: Lifetime: 3600
        [Binding][MN]: Yes
        [Binding][MN][PATH]: interface: Virtual-PPP4001, Label: etyr
                State: PATH_ACTIVE
                Tunnel: Tunnel0
                Refresh time: 300(sec), Refresh time Remaining: 272(sec)
----------------------------------------

On the LMA: 


ASR1000-LMA# show ipv6 mobile pmipv6 lma binding
Total number of bindings: 1
----------------------------------------
[Binding][MN]: State: BCE_ACTIVE
[Binding][MN]: Domain: D1, NAI: MN5@cisco.com
[Binding][MN]: HOA: 10.10.10.1, Prefix: 24
[Binding][MN]: HNP: 0
[Binding][MN][PEER]: Default Router: 10.10.10.0
        [Binding][MN]: ATT: WLAN (4)
                [Binding][MN][PEER1]:LLID: MN5@cisco.com
                [Binding][MN][PEER1]: Id: dynamic_mag165
                [Binding][MN][PEER1]: Lifetime: 3600(sec)
                [Binding][MN][PEER1]: Lifetime Remaining: 3538(sec)
                [Binding][MN][PEER1]: Tunnel: Tunnel0
                [Binding][MN][GREKEY]: Upstream: 1, Downstream: 0
----------------------------------------

Note
If the LMA has bindings to multiple MAGs, use the following command to view a specific MAG:show ipv6 mobile pmipv6 LMA binding nai MN5@cisco.com .

MAG Data Path

  • To verify the dynamic tunnel created between the MAG and the LMA:

show interface tunnel tunnel-number

  • To verify dongle interface status (virtual ppp interface) and tunnel status:

show ip interface brief 


ASR920-MAG# show ip int brief | i Virtual-PPP4001
Virtual-PPP4001        106.216.155.17  YES unset  up                  up
ASR920-MAG# show ip int brief | i Tunnel
Tunnel0                     106.216.155.17  YES unset   up                  up

Note
Addresses assigned to the MN should be from the local pool configured in the LMA.
  • To verify dynamic route map created in MAG:

show route-map dynamic

Debug Commands

The following debugs can be used to debug the call flow information and events.

  • debug ipv6 mobile mag events
  • debug ipv6 mobile mag info
  • debug ipv6 mobile mag api

To view the packet level information messages, use

  • debug ipv6 mobile packets

To clear the PMIPv6 bindings and statistics:

  • clear ipv6 mobile pmipv6 mag binding all
  • clear ipv6 mobile pmipv6 mag binding nai MN-nai

Related Documents

For more information on mobility commands, see the Cisco IOS IP Mobility Command Reference.