Method of Procedure for HNB Gateway Configuration on Redundant Serving Nodes First Published: December 19, 2014 This method of procedure (MOP) provides the HNBGW configuration on redundant Serving nodes on Cisco RMS. The post install script mentioned in the Cisco RMS Install Guide configure_hnbgw.sh script configures the HNBGW information only on the active Serving node. Therefore, to configure HNBGW on a redundant Serving node, follow the procedures in this document. Note: These procedures are only applicable to setups where HNBGW information is configured for the first time on the RMS system and where HNBGW information is not present in the descriptor file during RMS deployment. Adding HNBGW Information on the Redundant Serving Node This procedure adds HNBGW information on the redundant Serving node at the PNR level. 1. Log in to the primary Serving node using ssh as admin user. ssh <serving_node_pri_ip_addr> <input admin_pwd> 2. Switch to root user on primary Serving node. su <input root_pwd> 3. Log in to PNR command prompt. /rms/app/nwreg2/local/usrbin/nrcmd -N cnradmin -P <admin_pwd> Cisco Systems, Inc. www.cisco.com 1
Adding HNBGW Information on the Redundant Serving Node 4. Set the current PNR Session Visibility to a value of 3 nrcmd> set session visibility=3 5. Synchronize the PNR configuration of the primary Serving node with the secondary Serving node present in Site 2 (Active-Active pair). nrcmd> failover-pair femto-dhcp-failover sync exact main-to-backup nrcmd> failover-pair femto-dhcp-failover sync exact main-to-backup 101 Ok, with warnings ((ClassName RemoteRequestStatus)(error 2147577914)(exception-list [((ClassName ConsistencyDetail)(error-code 2147577914)(error-object ((ClassName DHCPTCPListener)(ObjectID OID-00:00:00:00:00:00:00:42) (SequenceNo 30)(name femto-leasequery-listener)(address 0.0.0.0)(port 61610))) (classid 1155)(error-attr-list [((ClassName AttrErrorDetail)(attr-id-list [03 ]) (error-code 2147577914)(error-string DHCPTCPListener 'femto-leasequery-listener' address will be unset. The default value will apply.))]))])) 6. Log in to the redundant secondary Serving node using ssh as admin user. ssh <serving_node_sec_ip_addr> <input admin_pwd> 7. Switch to root user on redundant/secondary Serving node. su <input root_pwd> 2
Adding HNBGW and DHCP Information on the Redundant Serving Node 8. Log in to the redundant/secondary PNR command prompt. /rms/app/nwreg2/local/usrbin/nrcmd -N cnradmin -P <admin_pwd> 9. Set the current PNR Session Visibility to a value of 3. nrcmd> set session visibility=3 10. Check the final scope configuration for the new HNBGW and confirm that all values are as per the required HNBGW to be integrated. nrcmd> scope list Note: of this command shows the scope created for the HNBGW and the DHCP information. Adding HNBGW and DHCP Information on the Redundant Serving Node This procedure adds HNBGW and DHCP information on the redundant Serving node at the PAR level. 1. Log in to the redundant or secondary Serving node using ssh as admin user. ssh <serving_node_pri_ip_addr> <input admin_pwd> 2. Switch to root user on the redundant or secondary Serving node. su <input root_pwd> 3. Log in to PAR command prompt with the appropriate admin password. /rms/app/cscoar/bin/aregcmd -N admin 3
Adding HNBGW and DHCP Information on the Redundant Serving Node 4. Navigate to the clients folder to view the available and configured HNBGW server configurations. cd /radius/clients/ 5. Add a new folder for the new HNBGW server. For example, ASR5K. Add ASR5K 6. Navigate to the newly created ASR5K folder. cd ASR5K 7. Set the protocol for the new ASR 5000 folder as Radius. set protocol radius --> set protocol radius Set Protocol radius 8. Set the HNBGW IP address which maps to the required HNBGW IP address. --> set ipaddress <asr5k_hnbgw_ip_address> --> set ipaddress 10.5.4.202 Set IPAddress 10.5.4.202 9. Set the shared secret password for the PAR configuration (This is a customer specific property and can be retrieved from the Descriptor File -> Radius Shared Secret). --> set sharedsecret <radius_shared_secret> 4
Adding HNBGW and DHCP Information on the Redundant Serving Node --> set sharedsecret secret Set SharedSecret <encrypted> 10. Return to one directory level to the list of available and configured ASR 5000 folders. cd.. 11. Navigate to the new ASR5K2 folder and check the configurations and verify if they correspond to the new ASR 5000 server configurations. cd ASR5K --> cd ASR5K [ //localhost/radius/clients/asr5k ] Name = ASR5K Description = Protocol = radius IPAddress = 10.5.4.202 SharedSecret = <encrypted> Type = NAS Vendor = IncomingScript~ = OutgoingScript~ = EnableDynamicAuthorization = FALSE NetMask = EnableNotifications = FALSE EnforceTrafficThrottling = TRUE 12. Save the PAR configuration for the new ASR 5000. save 5
Establishing Communication with the HNBGW Server --> save Validating //localhost... Saving //localhost... 13. Reload the PAR to implement the new configurations. reload --> reload Reloading Server 'Radius'... Server 'Radius' is Running, its health is 10 out of 10 14. Exit from the PAR command prompt. exit --> exit Establishing Communication with the HNBGW Server 1. Add a route towards the DHCP on the secondary Serving node. route add -net $Dhcp_Pool_Network netmask $Dhcp_Pool_Subnet gw $Serving_Node_NB_Gateway 2. Make these routes permanent. cp /etc/sysconfig/network-scripts/route-eth1 /etc/sysconfig/network-scripts/routeeth1.orig echo "$Dhcp_Pool_Network/$Dhcp_Pool_Subnet via $Serving_Node_NB_Gateway" >> /etc/sysconfig/network-scripts/route-eth1 6
Obtaining Documentation and Submitting a Service Request 3. Add IP tables for the CNR DHCP. iptables -A INPUT -i eth0 -p udp -s $Asr5k_Dhcp_Address -d $Serving_Node_Eth0_Address --dport 61610 -m state --state NEW -j ACCEPT 4. Add IP tables for the CAR radius. iptables -A INPUT -i eth0 -p udp -s $Asr5k_Radius_Address -d $Serving_Node_Eth0_Address -- dport 1812 -m state --state NEW -j ACCEPT iptables -A OUTPUT -p udp -s $Serving_Node_Eth0_Address -d $Asr5k_Radius_Address --sport 1812 -j ACCEPT 5. Add IP tables for the femto-scope. iptables -A OUTPUT -p tcp -s $Serving_Node_Eth0_Address -d $Dhcp_Pool_Network/$Dhcp_Pool_Subnet --dport 7547 -m state --state NEW -j ACCEPT 6. Save IP table rules. Service iptables save The above procedures complete the manual addition of the HNBGW server to the redundant Serving node. Obtaining Documentation and Submitting a Service Request For information on obtaining documentation, using the Cisco Bug Search Tool (BST), submitting a service request, and gathering additional information, see What s New in Cisco Product Documentation at: http://www.cisco.com/c/en/us/td/docs/general/whatsnew/whatsnew.html. Subscribe to What s New in Cisco Product Documentation, which lists all new and revised Cisco technical documentation, as an RSS feed and deliver content directly to your desktop using a reader application. The RSS feeds are a free service. 7
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS. THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY. The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB s public domain version of the UNIX operating system. All rights reserved. Copyright 1981, Regents of the University of California. NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED AS IS WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE. IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental. All printed copies and duplicate soft copies are considered un-controlled copies and the original on-line version should be referred to for latest version. Cisco has more than 200 offices worldwide. Addresses, phone numbers, and fax numbers are listed on the Cisco website at www.cisco.com/go/offices. Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R) 2014 Cisco Systems, Inc. All rights reserved. 8