Defining "Interesting" traffic for Acync Cellular

Unanswered Question
Aug 13th, 2010

We are using Cisco's Cellular PCEX-3G-CDMA-V async interface for Internet access. Works wonderfully and very fast.  Everything seems to be operating correctly except for defining interesting traffic to control the link.

Inintally the link is dialed based on "interesting" traffic from the local net (172.21.102.26) as seen from the debug output (below) but after the link is up/up, 172.26.102.26 is no longer seen as interesting nor uninteresting traffic.

Before I denied UDP port 53 (DNS queries) DNS queries sourced from the Cell negotiated IP address  was the only traffic seen and this traffic was classified as "interesting". The dialer time-out value continued to update. Only when I closed my browser (idle) did the dialer time-out value decrease to 0 and bring down the link - worked as expected.

Now I have the ACL set to ANY ANY for interesting traffic and I get nothing as interesting - the time-out value decreases to 0 regardless of how much traffic I send or receive.

Perhaps I need to setup an interface group-async inconjunction with the physical cell0 interface????

ANYONE know what I am missing - perhaps my NAT is setup incorrectly?????????

Router# sh debug
Dial on demand:
   Dial on demand events debugging is on
   Dial on demand packets debugging is on

*Aug 13 13:41 %SEC-6-IPACCESSLOGP: list 108 permitted tcp 172.21.102.26(2778)-> 66.220.153.11(80), 1 packet 
*Aug 13 13:41 Ce0 DDR: ip (s=172.21.102.26, d=66.220.153.11), 40 bytes, outgoing interesting (list 108)
*Aug 13 13:41 Ce0 DDR: place call
*Aug 13 13:41 Ce0 DDR: Dialing cause ip (s=172.21.102.26, d=66.220.153.11)
*Aug 13 13:41 Ce0 DDR: Attempting to dial cdma
*Aug 13 13:41 CHAT3: Attempting async line dialer script
*Aug 13 13:41 CHAT3: Dialing using Modem script: cdma & System script: none
*Aug 13 13:41 Ce0 DDR: ip (s=172.21.102.26, d=157.166.226.31), 40 bytes, outgoing interesting (list 108)
*Aug 13 13:41 Ce0 DDR: ip (s=172.21.102.26, d=157.166.224.160), 40 bytes, outgoing interesting (list 108)
*Aug 13 13:41 Ce0 DDR: ip (s=172.21.102.26, d=65.216.161.27), 40 bytes, outgoing interesting (list 108)
*Aug 13 13:41 Ce0 DDR: ip (s=172.21.102.26, d=66.220.153.11), 40 bytes, outgoing interesting (list 108)
*Aug 13 13:41 CHAT3: process started
*Aug 13 13:41 CHAT3: Asserting DTR
*Aug 13 13:41 CHAT3: Chat script cdma started
*Aug 13 13:41 Ce0 DDR: ip (s=172.21.102.26, d=192.221.110.126), 40 bytes, outgoing interesting (list 108)
*Aug 13 13:41 Ce0 DDR: ip (s=172.21.102.26, d=69.88.152.250), 40 bytes, outgoing interesting (list 108)
*Aug 13 13:41 CHAT3: Chat script cdma finished, status = Success
*Aug 13 13:41 %SEC-6-IPACCESSLOGP: list 108 permitted tcp 172.21.102.26(2776) -> 98.142.98.40(80), 1 packet 
*Aug 13 13:41 Ce0 DDR: ip (s=172.21.102.26, d=98.142.98.40), 40 bytes, outgoing interesting (list 108)
*Aug 13 13:41 Ce0 DDR: ip (s=172.21.102.26, d=98.142.98.40), 40 bytes, outgoing interesting (list 108)
*Aug 13 13:41 Ce0 DDR: ip (s=172.21.102.26, d=208.68.171.10), 40 bytes, outgoing interesting (list 108)
*Aug 13 13:41 %LINK-3-UPDOWN: Interface Cellular0, changed state to up
*Aug 13 13:41 Ce0 DDR: Dialer statechange to up
*Aug 13 13:41 Ce0 DDR: Dialer call has been placed
*Aug 13 13:41 Ce0 DDR: dialer protocol up
*Aug 13 13:42 %LINEPROTO-5-UPDOWN: Line protocol on Interface Cellular0, changed state to up
Router#

!#########################################

Router# sh dialer

Ce0 - dialer type = IN-BAND ASYNC NO-PARITY
Idle timer (180 secs), Fast idle timer (20 secs)
Wait for carrier (30 secs), Re-enable (15 secs)
Dialer state is data link layer up
Dial reason: ip (s=172.21.102.26, d=66.220.153.11)
Time until disconnect 89 secs
Current call connected 00:01:33
Connected to cdma

Dial String      Successes   Failures    Last DNIS   Last status
cdma                    21          0    00:01:33       successful   Default


Router# sh ip int br
Interface                  IP-Address      OK? Method Status                Protocol
Cellular0                  75.192.216.163  YES IPCP   up                    up     
FastEthernet0              unassigned      YES unset  up                    down   
FastEthernet1              unassigned      YES unset  up                    down   
FastEthernet2              unassigned      YES unset  up                    down   
FastEthernet3              unassigned      YES unset  up                    up     
FastEthernet4              unassigned      YES NVRAM  administratively down down   
Loopback0                  unassigned      YES NVRAM  up                    up     
NVI0                       unassigned      YES unset  administratively down down   
Tunnel8                    unassigned      YES NVRAM  up                    down   
Vlan1                      unassigned      YES NVRAM  administratively down down   
Vlan8                      172.21.102.1    YES NVRAM  up                    up     

!$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$

*Aug 13 13:44 %SEC-6-IPACCESSLOGP: list 108 denied udp 75.192.216.163(54690)-> 208.67.222.222(53), 1 packet 
*Aug 13 13:44 Ce0 DDR: ip (s=75.192.216.163, d=208.67.222.222), 59 bytes, outgoing uninteresting (list 108)
*Aug 13 13:44 Ce0 DDR: ip (s=75.192.216.163, d=208.67.222.222), 56 bytes, outgoing uninteresting (list 108)
*Aug 13 13:44 Ce0 DDR: ip (s=75.192.216.163, d=208.67.222.222), 56 bytes, outgoing uninteresting (list 108)
*Aug 13 13:44 %SEC-6-IPACCESSLOGP: list 108 denied udp 75.192.216.163(55827)-> 208.67.222.222(53), 1 packet 
*Aug 13 13:44 Ce0 DDR: ip (s=75.192.216.163, d=208.67.222.222), 57 bytes, outgoing uninteresting (list 108)
*Aug 13 13:44 Ce0 DDR: ip (s=75.192.216.163, d=208.67.222.222), 61 bytes, outgoing uninteresting (list 108)
*Aug 13 13:44 %SEC-6-IPACCESSLOGP: list 108 denied udp 75.192.216.163(64454)-> 208.67.222.222(53), 1 packet 
*Aug 13 13:44 Ce0 DDR: ip (s=75.192.216.163, d=208.67.222.222), 62 bytes, outgoing uninteresting (list 108)
*Aug 13 13:44 Ce0 DDR: ip (s=75.192.216.163, d=208.67.222.222), 62 bytes, outgoing uninteresting (list 108)
*Aug 13 13:44 Ce0 DDR: ip (s=75.192.216.163, d=208.67.222.222), 63 bytes, outgoing uninteresting (list 108)
*Aug 13 13:44 %SEC-6-IPACCESSLOGP: list 108 denied udp 75.192.216.163(56680)-> 208.67.222.222(53), 1 packet 
*Aug 13 13:44 Ce0 DDR: ip (s=75.192.216.163, d=208.67.222.222), 59 bytes, outgoing uninteresting (list 108)
*Aug 13 13:44 Ce0 DDR: ip (s=75.192.216.163, d=208.67.222.222), 61 bytes, outgoing uninteresting (list 108)
*Aug 13 13:44 Ce0 DDR: ip (s=75.192.216.163, d=208.67.222.222), 62 bytes, outgoing uninteresting (list 108)
*Aug 13 13:44 Ce0 DDR: ip (s=75.192.216.163, d=208.67.222.222), 63 bytes, outgoing uninteresting (list 108)
*Aug 13 13:44 Ce0 DDR: ip (s=75.192.216.163, d=208.67.222.222), 63 bytes, outgoing uninteresting (list 108)
*Aug 13 13:44 Ce0 DDR: ip (s=75.192.216.163, d=208.67.222.222), 61 bytes, outgoing uninteresting (list 108)
*Aug 13 13:44 Ce0 DDR: ip (s=75.192.216.163, d=208.67.222.222), 64 bytes, outgoing uninteresting (list 108)
*Aug 13 13:44 Ce0 DDR: ip (s=75.192.216.163, d=208.67.222.222), 62 bytes, outgoing uninteresting (list 108)
*Aug 13 13:44 Ce0 DDR: ip (s=75.192.216.163, d=208.67.222.222), 61 bytes, outgoing uninteresting (list 108)
*Aug 13 13:44 Ce0 DDR: ip (s=75.192.216.163, d=208.67.222.222), 67 bytes, outgoing uninteresting (list 108)
*Aug 13 13:44 Ce0 DDR: ip (s=75.192.216.163, d=208.67.222.222), 64 bytes, outgoing uninteresting (list 108)
*Aug 13 13:44 Ce0 DDR: ip (s=75.192.216.163, d=208.67.222.222), 69 bytes, outgoing uninteresting (list 108)
*Aug 13 13:44 Ce0 DDR: ip (s=75.192.216.163, d=208.67.222.222), 62 bytes, outgoing uninteresting (list 108)
*Aug 13 13:44 Ce0 DDR: ip (s=75.192.216.163, d=208.67.222.222), 58 bytes, outgoing uninteresting (list 108)
*Aug 13 13:44 Ce0 DDR: ip (s=75.192.216.163, d=208.67.222.222), 68 bytes, outgoing uninteresting (list 108)
*Aug 13 13:44 Ce0 DDR: ip (s=75.192.216.163, d=208.67.222.222), 68 bytes, outgoing uninteresting (list 108)

Router# sh access-list 108
Extended IP access list 108
    10 deny udp any any eq domain log (170 matches)
    20 permit ip any any log (11 matches)

!@@@@@@@@@@@@@@@@@@@@@

Router# sh run
version 12.4
hostname Router
!
boot-start-marker
flash:c880data-universalk9-mz.124-22.T2.bin
boot-end-marker
!
ip dhcp excluded-address 172.21.102.1 172.21.102.25
!
ip dhcp pool 172.21.102.0/24
   network 172.21.102.0 255.255.255.0
   default-router 172.21.102.1
   dns-server 208.67.222.222
!
ip cef
chat-script cdma "" "ATDT#777" TIMEOUT 60 "CONNECT"
!
vlan 8
name Local-Net
!
interface FastEthernet0
switchport access vlan 8
no cdp enable
spanning-tree portfast
!
interface Cellular0
ip address negotiated
ip nat outside
ip virtual-reassembly
encapsulation ppp
no ip mroute-cache
dialer in-band
dialer idle-timeout 180
dialer string cdma
dialer-group 1
async mode interactive
no peer default ip address
no fair-queue
ppp ipcp dns request
!
interface Vlan8
description Local
ip address 172.21.102.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
ip route 0.0.0.0 0.0.0.0 Cellular0
!
ip nat inside source route-map nat-cell interface Cellular0 overload
!
access-list 1 permit 172.21.102.0 0.0.0.255
access-list 23 permit 172.21.102.0 0.0.0.255
access-list 108 permit tcp host 172.21.102.26 any eq www
access-list 108 permit udp host 172.21.102.26 any eq domain
access-list 108 permit tcp host 172.21.102.26 any eq 443
access-list 108 permit ip any any
access-list 109 permit ip host 172.21.102.26 any
!
dialer-list 1 protocol ip list 108
!
route-map nat-cell permit 10
match ip address 109
match interface Cellular0
!
line 3
exec-timeout 0 0
script dialer cdma
login
modem InOut
no exec
rxspeed 3100000
txspeed 1800000

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.

Actions

This Discussion

 

 

Trending Topics: Other Wireless Mobility

client could not be authenticated
Network Analysis Module (NAM) Products
Cisco 6500 nam
reason 440 driver failure
Cisco password cracker
Cisco Wireless mode