Configuring Cisco LTE eHWIC

Taken from Cisco's 'Planning Guide: Verizon Internet Access with VPN for Cisco LTE eHWIC/GRWIC/819'. Also
Table of Contents



  1. show cellular 0/x/0 network
  2. show cellular 0/x/0 radio
  3. show cellular 0/x/0 profile
  4. show cellular 0/x/0 security
  5. show cellular 0/x/0 all

ISR LTE eHWIC - Intrnt Cfg Prim Access with DMVPN, No NAT & No Split Tunnel

service internal (enables LTE test cell enable mode commands)
chat-script ltescript "" "AT!CALL1" TIMEOUT 20 "OK" (make data call)
!***IKE/IPsec DMVPN hub definition
crypto isakmp policy 1 (IKE/IPsec phase 1 Def)
 encr aes
 authentication pre-share
 group 2 (diffie helman group)
crypto isakmp key DaKey address xx.yy.zz.aa (use with this addr (can be
crypto ipsec transform-set TRANSFORMSET_1 esp-aes esp-sha-hmac (ike phase 2 
crypto ipsec profile SDM_Profile1
 set transform-set TRANSFORMSET_1
!***Tunnel interface for DMVPN
interface Tunnel0
 description $FW_INSIDE$
 bandwidth 1000 (set bw for int to 1 meg or whatever is allowed)
 ip address (gre addr?)
 no ip redirects (int/rtr cannot send icmp redirects)
 no ip unreachables (int/rtr cannot snd icmp unreachables - sec measure)
 no ip proxy-arp (can't advertise for other addr ranges)
 ip hello-interval eigrp 1 300 (adjust hello interval to conform to Verizon Contract)
 ip hold-time eigrp 1 600 (how long rtr considers neighbor alive without receiving hello packet)
 ip policy route-map clear-df (clear 'do not fragment' bit)
 ip nhrp authentication NhRpKeY
 ip nhrp map xx.yy.zz.aa (in order to get to this gre addr go here)
 ip nhrp map multicast xx.yy.zz.aa (optional multicast map)
 ip nhrp network-id 123451
 ip nhrp holdtime 3600 (how many seconds to stay up waiting for hello)
 ip nhrp nhs xx.yy.zz.aa (next hop server - central)
 ip nhrp registration no-unique
 ip route-cache flow
 delay 1000 (delay param for eigrp - increase to make less attractive)
 qos pre-classify (apply qos to internal packet not tunnel)
 tunnel source GigabitEthernet0/0
 tunnel destination xx.yy.zz.aa
 mode gre multipoint (optional if you want dynamic multipoint)
 tunnel key 100000
 tunnel protection ipsec profile SDM_Profile1
 ip mtu 1400 (optional if need to adjust for encaps gre ipsec etc may put in ext interface...)
 ip tcp adjust-mss 1360 (optional if need to adjust for encaps gre ipsec etc may put in ext interface)
interface Loopback1
ip address
interface GigabitEthernet0/0
ip address
ip tcp adjust-mss 1300
ip policy route-map clear-df (map below)
interface GigabitEthernet0/1
ip address
ip tcp adjust-mss 1300
ip policy route-map clear-df (map below)
!*** Cellular interface
interface Cellular0/0/0
 ip address negotiated (receives Pool/WAN IP (dyn or stat) from P-GW)
 no ip unreachables
 encapsulation slip (or ppp)
 load-interval 30 (what are average load-interval stats calculated over)
 dialer in-band (cfgs int to supp dial on demand rtng, specifies that chat script be used for dialing out)
 dialer idle-timeout 0 (avoid disconnection of ppp/slip connection in event that no traffic for a specified time)
 dialer enable-timeout 6 (how long interface remains down when it goes down)
 dialer string ltescript (what script is called to bring up interface)
 dialer watch-group 1 (watchdialer watch-list 8 to see if that route goes away, before bringing up this interface)
 async mode interactive (enables slip and ppp commands in privileged EXEC mode)
router eigrp 1
 no auto-summary
!***static route allowing traffic for DMVPN head end out LTE connection.  No other traffic permitted
ip route xx.yy.zz.aa Cellular
!***Route map clears DF bit for packets exiting LTE interfaces
route-map clear-df permit 10
 set ip df 0
!***what route to watch to trigger Dial-on-Demand for Cellular interface
dialer watch-list 1 ip a.b.c.d
dialer watch-list 1 delay route-check initial 60 (check whether route is up 60 seconds after startup)
dialer watch-list 1 delay connect 1 (wait 1 second to verify primary link is still down before dialing secondary link)
line 0/0/0 (actual line that comes with cell interface)
 script dialer ltescript (add chat script to the line as well as the cellular interface)
 modem InOut
 no exec
 transport input telnet


show i nhrp detail via (my addr/tunnel addr)
 Tunnel0 created 00:00:24, expire 01:59:35
 Type: dynamic.  Flags: unique registered used
 NBMA address: (internet public addr)