I got some time to play with my Cisco 1841 router. I bought some cards from www.anthonypanda.com.
And bought the following cards:
HWIC-3G-GSM
HWIC-AP-AG
After I got the cards, I was so excited to have my toy. Out of excitement and in a rush to install the SIM, while unscrewing the SIM card lock mechanism of the HWIC-3G-GSM using just a multi-tool (like a Swiss knife), I accidentally rubbed the tool against the external components of the HWIC-3G-GSM card, wiping off 7 components :-( (resistors, capacitors and inductors). I wasted one card because I don't know the values of the components that were attached. I waited another month to get another HWIC-3G-GSM card and spent another few hundred bucks. Then I noticed the WiFi card doesn't come with two antennas. So I bought another GSM card and two antennas for the HWIC-AP card.
After a month I received the new GSM cards and the antennas for the AP. I installed the SIM with great care and powered on the router. I noticed that it could not detect the GSM card. I was using IOS "flash:c1841-advsecurityk9-mz.124-9.t.bin" on my router. After some Google searching, I learned that the router needs at least version 12.4-15, the "flash:c1841-advipservicesk9-mz.124-15.T5.bin" firmware. So I transferred via TFTP a firmware that can work with the router, while checking the correct RAM and IOS disk size on the existing 32MB CompactFlash card installed. I noticed that even if I install an IOS with a higher RAM requirement on the router, it is still able to run without crashing. I think it depends on how busy the router traffic is later on.
I got this info using show inventory:
Right now, the CF is already upgraded, so I can store a larger IOS on the 512 MB card.
---------------------------------------------------------------------------------------------------------
Cisco IOS Software, 1841 Software (C1841-ADVIPSERVICESK9-M), Version 12.4(15)T5, RELEASE SOFTWARE (fc4)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2008 by Cisco Systems, Inc.
Compiled Wed 30-Apr-08 12:44 by prod_rel_team
ROM: System Bootstrap, Version 12.3(8r)T9, RELEASE SOFTWARE (fc1)
RR uptime is 4 hours, 15 minutes
System returned to ROM by power-on
System image file is "flash:c1841-advipservicesk9-mz.124-15.T5.bin"
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
export@cisco.com.
Cisco 1841 (revision 6.0) with 116736K/14336K bytes of memory.
Processor board ID FHK111218U9
2 FastEthernet interfaces
1 terminal line
1 Virtual Private Network (VPN) Module
1 802.11 Radio
1 Cellular interface
DRAM configuration is 64 bits wide with parity disabled.
191K bytes of NVRAM.
500976K bytes of ATA CompactFlash (Read/Write)
Configuration register is 0x2102
----------------------------------------------------------------------------------------------------
So I got this setup:
HWIC-GSM - on ip nat outside configuration
HWIC-AP - on ip nat inside configuration
FastEthernet0/0 - on ip nat inside setup
FastEthernet0/0 - on ip nat outside setup
I put another router on interface F0/0 that was configured as the outside internet configuration, using a Prolink WNR1004C (configured as a WiFi client) connecting to our central WiFi router. (Weird configuration, isn't it?) I use this configuration so I don't need to wire to the main router. The HWIC-GSM is then more of a backup internet setup.
In this setup, the SSID broadcast is hidden so you will not easily hack my WIFI. :)
RR#conf t
RR(config)#dot11 ssid RR
RR(config-ssid)#guest-mode
Find below a working setup. There are some extra commands which I was not able to refine because, for some of the setup, I was using the web GUI of the router.
I'm currently reading O'Reilly Virtual Private Network, and what keeps me interested is how to use this router as an L2TP VPN server for my iPad. What do you think? I will try it and publish it later.
Forgive me if you see a lot of typos or possibly wrong grammar. I was typing on the spot without review.
CIAO! :)
RR#show run
Building configuration...
Current configuration : 3783 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
service internal
!
hostname RR
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$4R/k$3a39138Dgh8n79qwOAcCU1
!
no aaa new-model
dot11 syslog
!
dot11 ssid RR
authentication open
authentication key-management wpa
infrastructure-ssid
wpa-psk ascii 7 03550958525A771B1650495445
!
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.0.1 192.168.0.9
ip dhcp excluded-address 192.168.0.1
ip dhcp excluded-address 10.1.12.1
!
ip dhcp pool dhcppool
import all
network 192.168.2.0 255.255.255.0
default-router 192.168.2.254
dns-server 4.2.2.2 192.168.2.254 192.168.1.1
domain-name rr
update arp
!
ip dhcp pool LOCAL_LAN
import all
network 192.168.3.0 255.255.255.0
default-router 192.168.3.254
domain-name wr
dns-server 192.168.3.254 4.2.2.2 8.8.8.8
update arp
!
!
ip domain name rojosquared.com
ip name-server 4.2.2.2
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
ip dhcp-server 192.168.1.1
!
multilink bundle-name authenticated
chat-script gsm "" "ATDT*99#" TIMEOUT 60 "CONNECT"
!
!
!
!
username rr secret 5 $1$O/1B$qlKY52icvTFOdheiGN5NW/
archive
log config
hidekeys
!
!
!
!
ip ssh version 2
!
!
!
interface FastEthernet0/0
description LAN
ip address 192.168.3.254 255.255.255.0
ip nat inside
ip virtual-reassembly
speed 100
full-duplex
!
interface FastEthernet0/1
ip address 192.168.1.2 255.255.255.0
ip nat outside
ip virtual-reassembly
speed 100
full-duplex
!
interface Cellular0/0/0
description Internet
ip address negotiated
ip virtual-reassembly
encapsulation ppp
dialer in-band
dialer string gsm
dialer-group 1
async mode interactive
ppp chap hostname Cisco
ppp chap password 7 14141B180F0B
ppp ipcp dns request
ppp ipcp route default
!
interface Dot11Radio0/1/0
description WIFI
ip address 192.168.2.254 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
!
encryption mode ciphers aes-ccm tkip
!
ssid RR
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
!
router rip
version 2
network 192.168.0.0
network 192.168.1.0
network 192.168.2.0
network 192.168.3.0
no auto-summary
!
ip default-gateway 192.168.1.2
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 192.168.1.1
!
!
ip http server
no ip http secure-server
ip nat inside source list 2 interface Cellular0/0/0 overload
ip nat inside source list 3 interface FastEthernet0/1 overload
!
ip access-list standard AP_ADDRESSES
remark SDM_ACL Category=16
permit 192.168.2.0 0.0.0.255
ip access-list standard NAT_ADDRESSES
remark SDM_ACL Category=16
permit 192.168.2.0 0.0.0.255
permit 192.168.3.0 0.0.0.255
!
access-list 1 remark For Dialer
access-list 1 permit any
access-list 2 remark NAT ACL - Internal LAN Ranges
access-list 2 permit 192.168.2.0 0.0.0.255
access-list 3 remark SDM_ACL Category=2
access-list 3 permit 192.168.3.0 0.0.0.255
access-list 3 permit 192.168.2.0 0.0.0.255
dialer-list 1 protocol ip list 1
!
!
!
!
!
!
control-plane
!
!
alias exec s show ip int brief
alias exec sr show run
alias exec ss show start
alias exec snat show ip nat translation
alias exec snati show ip nat translation | include icmp
!
line con 0
exec-timeout 0 0
password 7 045802150C2E0C
logging synchronous
login
line aux 0
password 7 110A1016141D
login
line 0/0/0
exec-timeout 0 0
password 7 070C285F4D06
script dialer gsm
login
modem InOut
no exec
speed 384000
line vty 0 3
password 7 104D000A0618
logging synchronous
login
line vty 4
exec-timeout 60 0
password 7 073F70421E10091607
logging synchronous
login
!
scheduler allocate 20000 1000
end
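
An added example, not part of the original post: a short Python check that reads a running-config like the one above and lists the settings a hardening review would raise (type 7 secrets, which are reversible obfuscation rather than hashes; the cleartext HTTP server; a disabled idle timeout; TKIP; vty lines not pinned to SSH). The sample config is constructed with placeholder secrets, and the "transport input ssh" line on vty 4 is an assumption added to show a passing case.

```python
import re

# Constructed sample shaped like the config above; secrets are placeholders and
# the 'transport input ssh' line on vty 4 is an assumption showing a passing case.
SAMPLE_CONFIG = """\
dot11 ssid RR
 wpa-psk ascii 7 0000PLACEHOLDER
!
ip http server
!
interface Dot11Radio0/1/0
 encryption mode ciphers aes-ccm tkip
!
line con 0
 exec-timeout 0 0
line vty 0 3
 password 7 0000PLACEHOLDER
line vty 4
 password 7 0000PLACEHOLDER
 transport input ssh
"""

SECTION = re.compile(r"^(line|interface|dot11 ssid|router|ip dhcp pool|ip access-list)\b")
RULES = [  # (regex applied to one stripped config line, finding text)
    (r"\b(password|wpa-psk ascii) 7 \S+", "type 7 secret: reversible obfuscation, not a hash"),
    (r"^ip http server$", "cleartext HTTP management enabled"),
    (r"^exec-timeout 0 0$", "idle session timeout disabled"),
    (r"^encryption mode ciphers\b.*\btkip\b", "TKIP cipher still accepted"),
]

def audit(config):
    """Return (section, finding) pairs for an IOS running-config."""
    findings, section, vty_ssh = [], "global", {}
    for line in map(str.strip, config.splitlines()):
        if line == "!":                # '!' closes the current block
            section = "global"
        elif SECTION.match(line):
            section = line
            if line.startswith("line vty"):
                vty_ssh[line] = False  # stays False until SSH-only is seen
        elif line == "transport input ssh" and section in vty_ssh:
            vty_ssh[section] = True
        else:
            findings += [(section, msg) for rx, msg in RULES if re.search(rx, line)]
    findings += [(s, "vty not pinned to 'transport input ssh'") for s, ok in vty_ssh.items() if not ok]
    return findings

if __name__ == "__main__":
    print(*(f"{s}: {f}" for s, f in audit(SAMPLE_CONFIG)), sep="\n")
```

The parser does not rely on indentation, so it also works on a config pasted with leading spaces stripped; the section label is approximate for blocks that contain "!" lines internally.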
continued....
I verified again that the GSM is working, and I needed to add a static route on the Cellular network.
RR#config terminal
RR(config)#ip route 0.0.0.0 0.0.0.0 cellular 0/0/0
Then create a profile with the APN for Singtel, which is "internet", and a dummy Singtel username/password.
RR#cellular 0/0/0 gsm profile create 1 internet chap singtel singtel
Profile 1 will be created with the following values:
APN = internet
Authenticaton = CHAP
Username = singtel
Password = singtel
Are you sure? [confirm]
Profile 1 written to modem
Then, to create traffic, I pinged 4.2.2.2 and showed the Cellular interface...
RR#show interfaces cellular 0/0/0
Cellular0/0/0 is up, line protocol is up
Hardware is HSDPA/UMTS/EDGE/GPRS-850/900/1800/1900/2100MHz
Description: Internet
Internet address is 119.234.163.146/32
MTU 1500 bytes, BW 384 Kbit, DLY 100000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation PPP, LCP Open
Open: IPCP, loopback not set
Keepalive not supported
Time to interface disconnect: idle 00:01:59
Last input 00:00:56, output 00:00:00, output hang never
Last clearing of "show interface" counters never
Input queue: 1/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: weighted fair
Output queue: 0/1000/64/0 (size/max total/threshold/drops)
Conversations 0/2/16 (active/max active/max total)
Reserved Conversations 0/0 (allocated/max allocated)
Available Bandwidth 288 kilobits/sec
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 3000 bits/sec, 8 packets/sec
64 packets input, 1332 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
584 packets output, 31540 bytes, 0 underruns
0 output errors, 0 collisions, 10 interface resets
0 output buffer failures, 0 output buffers swapped out
0 carrier transitions
DCD=up DSR=up DTR=up RTS=up CTS=up
That's it... the router works fine using the Cellular interface to connect to the Internet.
_________________________________________________________________________________
Junjunred -SG / 20131102