Cisco Managed Cellular Activation Configuration Guide

Managed Cellular Activation

Table 1. Feature History
Feature Name	Release Information	Description
Managed Cellular Activation	Cisco Catalyst SD-WAN Manager Release 20.12.1	The Managed Cellular Activation solution provides a programmable subscriber identity module (SIM), called an eSIM. Using Cisco SD-WAN Manager, you can easily configure Managed Cellular Activation for Cisco Catalyst Wireless Gateways, and for pluggable interface modules (PIM) operating in supported routers.
Managed Cellular Activation Support for Cisco Catalyst Rugged Series Routers	Cisco IOS XE Catalyst SD-WAN Release 17.15.1a Cisco Catalyst SD-WAN Manager Release 20.15.1	Specific pluggable interface modules of Cisco Catalyst IR1101 Rugged Series Router and Cisco Catalyst IR1800 Rugged Series Router support the Managed Cellular Activation solution.

Information About Managed Cellular Activation

The Managed Cellular Activation solution provides a programmable subscriber identity module (SIM), called an eSIM, which is a physical SIM card that you can configure with a cellular service plan of your choice. For specific Cisco products that support cellular connectivity, you can order the product with an eSIM preinstalled by Cisco. Use Cisco SD-WAN Manager to configure the eSIM with the details of your plan.

Note

In this context, eSIM refers to a removable SIM pre-installed by Cisco. In other contexts, eSIM can refer to a non-removable SIM embedded in a cellular-enabled device.

Bootstrap Cellular Plan

The Managed Cellular Activation solution comes with a bootstrap cellular plan to provide internet connectivity with a limited amount of data intended only for Day 0 onboarding of the device to your cellular plan. Prepare the configuration in Cisco SD-WAN Manager before powering on and onboarding the device, to avoid running out of the limited data in the bootstrap cellular plan.

Managed Cellular Activation Onboarding

Broadly, the solution includes the following steps:

Order a product with a preinstalled eSIM card.
Set up a plan with a cellular service provider.
In Cisco SD-WAN Manager, create a Managed Cellular Activation configuration for your devices that connects the devices that connect to your cellular plan.

Figure 1. Managed Cellular Activation Onboarding Workflow


Steps	Description
1a	Order a device with an eSIM preinstalled for Managed Cellular Activation.
1b	Order a cellular service account with a carrier.
2	The carrier sends your account information to their SIM management platform to prepare to activate a SIM to operate with your account.
3	Onboard the device to Cisco SD-WAN Manager through Plug and Play (PnP).
4	Use account information from the SIM management platform to create a configuration for Managed Cellular Activation.
5	In Cisco SD-WAN Manager, enable and create a configuration for Managed Cellular Activation.
6	Deploy the Managed Cellular Activation configuration to the device.
7	The device loaded with the eSIM connects to the cellular network.

Benefits of Managed Cellular Activation

The Managed Cellular Activation solution simplifies the process of activating a cellular plan on each cellular WAN device, providing the following benefits:

Easy, fast, and secure deployment
- Zero Touch Provisioning
- Remote setup
- No technical expertise required
Seamless provisioning
- Ease of switching carriers
- No downtime during switchover
Management simplicity
- Cisco SD-WAN Manager integration
- Reduced operational complexity

Supported Devices

Table 2. Platform and Module Support
Platform	First Supported Release	Modules
Cisco Catalyst Wireless Gateway CG113-4GW6	17.12.1a	N/A
Catalyst 8200 Series	17.12.1a	P-5GS6-GL
Catalyst 8200 Series	17.13.1a	P-5GS6-R16SA-GL, P-LTEAP18-GL, P-LTEA-EA, P-LTEA7-NA
Catalyst 8300 Series	17.12.1a	P-5GS6-GL
Catalyst 8300 Series	17.13.1a	P-5GS6-R16SA-GL, P-LTEAP18-GL, P-LTEA-EA, P-LTEA7-NA
ISR 1000 Series	17.12.2	P-5GS6-GL
ISR 1000 Series	17.13.1a	P-5GS6-R16SA-GL, P-LTEAP18-GL, P-LTEA-EA, P-LTEA7-NA
Rugged Router IR1101 Series	17.15.1a	P-5GS6-R16SA-GL, P-LTEAP18-GL, P-LTEA-EA, P-LTEA7-NA, P-LTE-MNA, P-5GS6-GL
Rugged Router IR1800 Series	17.15.1a	P-5GS6-R16SA-GL, P-LTEAP18-GL, P-LTEA-EA, P-LTEA7-NA, P-LTEA7-EAL, P-LTE-MNA

Supported Carriers

AT&T (North America)

Prerequisites for the Managed Cellular Activation Solution

Ensure Cisco SD-WAN Manager has connectivity to the Cisco IoT Control Center. To verify Cisco SD-WAN Manager connectivity to the Cisco IoT Control Center, see Verify Cisco Catalyst SD-WAN Manager's Connectivity to the Cisco IoT Control Center.

Note

If the Cisco SD-WAN Manager is hosted in a private cloud or on-premises, configure the local firewall to allow outbound communication from Cisco SD-WAN Manager (interface VPN 0) on port 443 to Cisco IoT Control Center.

Ensure access to the SIM management platform (for example, Cisco IoT Control Center) account for your cellular plan.

In the Add Account Credentials for a Service Provider procedure, you need the following information from your account:

Account ID
Username
Communication plan
Rate plan
Access point name
Package data network type

API key

Note

For information about retrieving this information from Cisco IoT Control Center, see Generate an API Key in Your SIM Management Portal.

Complete Cisco Smart Account and Virtual Account for Plug and Play onboarding.
Synchronize Smart Account and Cisco SD-WAN Manager:

For devices in a Smart Account to appear in the device list in Cisco SD-WAN Manager, synchronize Cisco SD-WAN Manager with the Smart Account.

Verify Cisco Catalyst SD-WAN Manager's Connectivity to the Cisco IoT Control Center

Before You Begin

Ensure that Cisco SD-WAN Manager has connectivity to the internet through VPN 0.
In a multitenant scenario, only the provider has access to Cisco SD-WAN Manager. In this scenario, the provider performs this procedure.

Verify Cisco Catalyst SD-WAN Manager Connectivity to the Cisco IoT Control Center

From the Cisco SD-WAN Manager menu, choose Monitor > Overview.
In the Summary area, click Manager. A dialog box opens and displays the Cisco SD-WAN Manager instances.
For each Cisco SD-WAN Manager instance, perform the following steps:
1. Click … and choose SSH Terminal.
2. Log in using your Cisco SD-WAN Manager credentials.
3. Use the nslookup command to verify connectivity to a domain over VPN 0. Here, verify Cisco SD-WAN Manager's connectivity to the domain sdo.jasper.com.
  
  If the output shows external IP addresses, it confirms that Cisco SD-WAN Manager has connectivity to the domain. If the output indicates that the command cannot resolve the domain, it indicates that Cisco SD-WAN Manager does not have connectivity to the domain.
  
  The following is an example indicating connectivity to a domain:
```
Device# nslookup vpn 0 sdo.jasper.com
nslookup in VPN 0:
Server:    10.1.0.1
Address 1: 10.1.0.1 dns.google

Name:      sdo.jasper.com
Address 1: 10.1.0.2 apmx-prod1-vip.jasper.com
```

Restrictions for the Managed Cellular Activation Solution

Managed Cellular Activation supports only SIM 0.

For more information about Cisco Catalyst Wireless Gateway, see Cisco Catalyst Wireless Gateway Software Configuration Guide.

For more information about 5G PIM, see Cellular Pluggable Interface Module Configuration Guide.
The Cisco bootstrap account comes with an eSIM assist feature for a device bring up and contains a predefined data limit. This account is designed to facilitate the initial bring up process with a restricted data quota.
The Cisco SD-WAN Manager supports only one Cisco IoT Control Center account per user.
After you configure the eSIM to use your service provider account, you cannot change to a different SP account.
Managed Cellular Activation supports only IPv4 addressing.

Configure the Managed Cellular Activation Solution

The following workflow describes the process of ordering a cellular-enabled device with an eSIM and activating the Managed Cellular Activation solution.

In the Cisco Commerce Workspace, order a cellular-enabled device with a preinstalled eSIM card.
Set up an enterprise account contract with a service provider.
In Cisco SD-WAN Manager, enable configuration of Managed Cellular Activation.
See Enable the Managed Cellular Activation Functionality in Cisco Catalyst SD-WAN Manager.
In Cisco SD-WAN Manager, integrate the account details of your cellular account.
See Add Account Credentials for a Service Provider.
In Cisco SD-WAN Manager, create a configuration group for the devices that use the Managed Cellular Activation solution. See the following:
- Configure the Managed Cellular Activation Solution for a Cisco Catalyst Wireless Gateway
- Configure the Managed Cellular Activation Solution for a PIM Using a Configuration Group in Cisco Catalyst SD-WAN Manager
Deploy the configuration group to devices.
See the Using Configuration Groups section of Cisco Catalyst SD-WAN Configuration Groups, Cisco IOS XE Catalyst SD-WAN Release 17.x.
Power on the router (or Cisco Catalyst Cellular Wireless Gateway) and initiate WAN connectivity.
The device connects to Cisco SD-WAN Manager and the cellular network.

Enable the Managed Cellular Activation Functionality in Cisco Catalyst SD-WAN Manager

From the Cisco SD-WAN Manager menu, choose Administration > Settings.
In External Services, click Managed Cellular Activation—eSIM.
Toggle Enable Managed Cellular Activation—eSIM.
Click Save.
When you are redirected to a single sign-on page for authentication, enter the login credentials of your virtual account.

This enables integration between the SIM management platform, such as Cisco IoT Control Center, and Cisco SD-WAN Manager for Managed Cellular Activation.

Add Account Credentials for a Service Provider

Before You Begin

This procedure creates a set of account credentials for a specific carrier. You can create one or more sets of account credentials. Use the account credentials when configuring Managed Cellular Activation to use a specific carrier.

Prerequisites:

Set up an account with a cellular carrier.
In Cisco IoT Control Center, configure a carrier account and generate an API key specific to the carrier account. For more information on generating API key, see Generate an API Key in Your SIM Management Portal

Add Account Credentials

From the Cisco SD-WAN Manager menu, choose Administration > Integration Management.
Click the Managed Cellular Activation—eSIM Service Provider tab.
Click Add Service Provider Account Credentials.
To add a service provider account, enter the following details:
- Carrier Name
- Account ID
- Username
- API Key
Check the Accept the Terms and Conditions check box.
Click Save
Adjacent to an account, click … in the Action column and choose Edit.
(Optional) To configure defaults to autopopulate parameters, check the Make as default check box.
Based on your selected plan with a carrier, choose Communication Plan, Rate Plan , Access Point Name, Package Data Network Type, and Authentication Method from the drop-down lists.
Click Save.

Configure the Managed Cellular Activation Solution for a Cisco Catalyst Wireless Gateway

Before You Begin

Create a configuration group for Cisco Catalyst Wireless Gateways (Teleworker workflow). For information about creating configuration groups and applying them to devices, see the Using Configuration Groups section of Cisco Catalyst SD-WAN Configuration Groups, Cisco IOS XE Catalyst SD-WAN Release 17.x.

Configure the Managed Cellular Activation Solution for a Cisco Catalyst Wireless Gateway

From the Cisco SD-WAN Manager menu, choose Configuration > Configuration Group.
Click … adjecent to a configuration group for a Cisco Catalyst Wireless Gateway and choose Edit.
Click Add Global Profile Feature.
From the feature drop-down list, choose Managed Cellular Activation—eSIM.
(Optional) Click Add Account Credentials to add new account credentials. See Add Account Credentials for a Service Provider.
In the Select Service Provider Account Credentials drop-down list, choose an account.
If the account that you have chosen is configured to autopopulate default settings, then based on your selected plan with a carrier, those settings appear for the Communication Plan, Rate Plan , Access Point Name, Package Data Network Type, and Authentication Method. You can update the default settings according to your requirements.
Click Save.

Configure the Managed Cellular Activation Solution for a PIM Using a Configuration Group in Cisco Catalyst SD-WAN Manager

Before You Begin

Create a configuration group for the Cisco IOS XE Catalyst SD-WAN device. For information about creating configuration groups and applying them to devices, see the Using Configuration Groups section of Cisco Catalyst SD-WAN Configuration Groups, Cisco IOS XE Catalyst SD-WAN Release 17.x.

Configure the Managed Cellular Activation Solution for a Cisco Catalyst Wireless Gateway

From the Cisco Catalyst SD-WAN Manager menu, choose Configuration > Configuration Groups
Click … adjacent to a configuration group for a Cisco IOS XE Catalyst SD-WAN device and choose Edit.
Open the Transport and Management Profile section and click Add Feature.
From the feature drop-down list, choose Managed Cellular Activation Flex Cellular Profile.
Enter the cellular profile name and description.
(Optional) Click Add Account Credentials to add new account credentials. See Add Account Credentials for a Service Provider.
In the Select Account Credentials drop-down list, choose an account.

If the account that you have chosen is configured to autopopulate default settings, then based on your selected plan with a carrier, those settings appear for the Communication Plan, Rate Plan, Access Point Name, Package Data Network Type, and Authentication Method. You can update the default settings according to your requirements.
(Optional) To configure parameters for a separate data profile, check the Set up separate data profile check box.
Click Add Feature and from the drop-down list, choose Managed Cellular Activation Flex Cellular Controller.
Enter a feature name and description for eSIM Cellular Controller.

Configure the Cellular ID based on the slot configuration of your device (for example, Cisco Catalyst 8200 Series, Cisco Catalyst 8300 Series, and ISR1000). Enter the interface slot and port number in which the cellular PIM card is installed. Currently, it can be 0/2/0.

Note

For more information on slot configuration, see the Cellular Controller section in Cisco Catalyst SD-WAN Systems and Interfaces Configuration Guide.

To associate a cellular profile with this feature, in the Attach Profile and Data Profile sections, choose a Cisco eSim Flex Cellular Profile.
Click Save.

Deploy a Configuration Group to Devices

For information about deploying configuration groups to devices, see the Using Configuration Group section of Cisco Catalyst SD-WAN Configuration Groups, Cisco IOS XE Catalyst SD-WAN Release 17.x.

After you begin the deployment, to monitor the status, click View Deployment Status.

Note

It might take several minutes to push configurations to the device and complete the changeover from the bootstrap cellular plan provided by Cisco to your cellular plan, which is called the integrated circuit card identification number (ICCID) swap.

In the Action column, click the logs icon to view the latest status of the swap.
The swap is successful if there are no error messages in the log. You will see a new ICCID in the monitoring page after the swap is successful.

The log is useful for verifying that you have configured a service provider for Managed Cellular Activation. For example, you can verify that Managed Cellular Activation is not using the temporary default cellular plan (bootstrap plan) provided by Cisco.

The log also shows information about the status of deploying a configuration group to its associated devices.

Generate an API Key in Your SIM Management Portal

Before You Begin

Ensure that you have access to the SIM management portal for your carrier—for example, AT&T uses Cisco IoT Control Center as its SIM management portal.

Generate an API Key

Log in to your SIM management portal.

For information about logging in to the portal, refer to your carrier.
Within the portal, generate an API key to use when adding the account credentials for your service provider in Cisco SD-WAN Manager.

For instructions on generating an API key, see the help available within the portal.

Monitor the Data Usage of Managed Cellular Activation

From the Cisco SD-WAN Manager menu, choose Monitor > Devices.
To view the health of every deployed device, choose the device and click Cellular (eSIM).
In the Cellular (eSIM) tab, review the data usage of the current ICCID.

Bias-Free Language

Book Title

Cisco Managed Cellular Activation Configuration Guide

Chapter Title