Remote and Mobile Assets Design and Implementation Guide

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Book Contents

Find Matches in This Book

Available Languages

Download Options

Book Title

Remote and Mobile Assets Design and Implementation Guide

Chapter Title

Technology Guidance

PDF - Complete Book (33.09 MB) PDF - This Chapter (1.62 MB)
View with Adobe Reader on a variety of devices

Results

Updated:: September 2, 2020

Chapter: Technology Guidance

Remote and Mobile Assets—Technology Guidance

This module is part of the larger Remote and Mobile Assets (RaMA) Cisco Validated Design (CVD). Refer to the other modules for additional details about certain aspects of the architecture that are touched on in this module. All of the RaMA CVD modules are available at: www.cisco.com/go/rama

■ Solution Brief—An overview of the RaMA CVD and the available modules.

■ Design and Implementation Guide (DIG)—Overall document for architecture, design, and best practice recommendations for remote and mobile asset deployments.

■ Security Module—Detailed description of the end-end security architecture using the SAFE model to secure the gateways, data plane, and management plane. Also includes a section on achieving PCI compliance

■ Enterprise Network Integration Module—Best practices for the enterprise headend focusing on resiliency, high-availability, load-balancing, and security. Includes detailed descriptions of FlexVPN and WAN redundancy mechanisms.

■ Remote Site Management Module—Best practices for remote site connectivity, covering the use of the full range of Cisco Industrial Routers (IR 807, IR 809, IR829, IR 1101) as the managed gateway, providing wired and cellular connectivity for southbound devices as well as numerous northbound interfaces. This module also covers best practices for inbound connectivity for devices behind the gateway including isolation of management and data planes and using allowed lists for applications and devices.

■ Fleet Management Module—Architecture for mobile applications in which the IR829 acts as the managed gateway and provides wired and wireless connectivity for southbound devices, as well as numerous northbound interfaces (LTE, Wireless Workgroup Bridge, GPS). Use of edge compute in the form of Cisco IOX is also included.

■ Zero Touch Provisioning Module—Use of Kinetic GMM by IT personnel for provisioning and managing Cisco Industrial Routers with a focus on secure, scalable deployment.

■ Field Deployment Module—Use of Kinetic GMM by OT personnel for deploying Cisco Industrial Routers in the field, with minimal knowledge of the underlying networking technology required.

■ Edge Compute Module—Overview of the edge compute capabilities in Cisco Industrial Routers in the form of IOx. Includes implementation examples for deploying Dockerized applications.

This module includes the following sections:

Overview	The overview briefly describes the purpose and layout of the document.
Requirements	List of requirements to consider when deciding on which industrial router is most appropriate for a specific use case.
Architecture, page 3	A brief overview of the RaMA architecture focusing on where the industrial router portfolio fits into the solution.
Design Considerations	This section takes a close look at the hardware and software capabilities of the IR807, IR809, IR829, and IR1101 industrial routers as used in the RaMA solution. Recommendations are included for choosing the best platform for some common use cases.
Common Issues and Troubleshooting	How to diagnose and resolve common issues seen with WiFi, LTE, GPS, VPN, and more.
Appendix A—Firewall Ports for Kinetic GMM to Gateway Communication	Reference table for security design.
Appendix B—Hardware and Software Matrix	Reference table of validated hardware and software combinations. This applies to all other modules of the RaMA documentation
Glossary	Acronyms used in this document.

Overview

This module provides an in depth look at Cisco's industrial routing portfolio which is central to the Remote and Mobile Assets solution. This module can be used to help guide the design and implementation of the RaMA solution. Feature comparisons between the available models (for mobile and fixed applications) are presented, as well as recommendations for hardware use in several common use cases. Some industry-agnostic troubleshooting tips are provided, along with issues to look out for when designing and deploying the industrial routers in the Remote and Mobile Assets solution. Finally, a hardware software matrix outlines all the versions validated as part of the solution Cisco Validated Design.

Requirements

■Portfolio of secure industrial gateways

■Secure cloud-hosted gateway deployment and management

■Zero-Touch Deployment (ZTD) and Zero-Touch Provisioning (ZTP)

■WAN connectivity options (Ethernet, LTE, Dual-LTE, WGB)

■WiFi hotspot

■GPS and geo-Fencing

■Enterprise network integration

■Security

■Lower deployment and operating expenses

■Higher asset uptime

■Edge compute

Figure 1 Cisco Remote and Mobile Assets—Solution Architecture—Component View

Figure 1 highlights the four primary components of the Cisco RaMA solution, the portfolio of Cisco Industrial Routers (IRs) and Cisco Kinetic GMM:

■The Cisco IR portfolio consists of different models of hardened industrial grade gateways that can be installed with fixed and mobile assets. For mobile assets, the gateways are capable of providing non-stop vehicle connectivity and an in-built GPS to track the current and historical location of the mobile asset.

■Cisco IOx provides the edge compute capability on supported IR gateways (IR809, IR829, IR1101). The ability to run microservices (from Cisco or third parties) enables data collection, processing, and forwarding at the edge of the network.

■Cisco Kinetic GMM is a cloud-hosted provisioning and management platform that enables ZTD and management of the edge routers. Kinetic GMM establishes a secure IPSec management tunnel to each of the on-boarded routers for provisioning and managing the routers from a centralized cloud. If customers wish to extend their enterprise network to the edge IoT gateways, Kinetic GMM helps provision a FlexVPN tunnel from each of the edge gateways to the enterprise headend VPN router.

■Cisco Control Center works with cellular providers to enable customers to manage the SIM cards and associated data plans for IoT devices. Integration with Kinetic GMM streamlines the management of cellular-connected Cisco gateways.

Design Considerations

Getting started with the Cisco RaMA solution requires two steps:

■Selecting the industrial router model

■Designing the solution

Selecting the Router

Figure 2 Cisco IoT Gateway Portfolio

Cisco offers a wide range of industrial routers to meet a range of requirements and budgets. Table 1 lists some of the prominent features supported by each of the routers.

Table 1 Industrial Router Options
Router	IR807 ¹	IR809 ²	IR829 ³	IR1101 ⁴
Features	Optimized for low power: ■Din rail mounting ■Compact and rugged ■Low power consumption ■SCADA integration ■Utility certifications	Compact, feature rich: ■Edge compute ■Panel mounting ■SCADA integration ■Utility certifications	Single/Dual LTE with Wi-Fi, optional PoE and mSATA: ■Storage and edge compute ■Panel mounting ignition ■Power management ■Industrial and automotive certification	Highly modular design: ■Din rail mounting ■Wall mounting ■Panel mounting ■Modular LTE and 5G ready ■SCADA integration ■Utility certifications ■SDWAN ready ■Powered by Cisco IOS XE
Ports and Backhaul	■Two Fast Ethernet ■Single LTE (Dual SIM) ■Two serial ports (RS232 DTE and DCE)	■Two RJ45 routed ports (10/100/1000 Mbps) ■Single LTE (Dual SIM) ■Two serial Ports (RS232 DTE and RS232 DCE/RS485)	■Four RJ45 with switch ports (10/100/1000 Mbps) ■Single and Dual LTE (Dual SIM) ■Two serial ports (RS232 DTE and RS232 DCE/RS485) ■WAN SFP port	■Four Fast Ethernet ■Single and Dual LTE (Dual SIM) ■One serial port (RS232 DTE) ■WAN SFP port
Wi-Fi and WGB	None	None	802.11	None
Embedded Sensors	GPS	GPS	GPS, Gyroscope, Accelerometer	GPS
Edge Compute	None	■732 CPU units for edge compute ■767MB memory ■512MB storage	■732 CPU units for edge compute ■767MB memory ■512MB storage ■Additional 50GB or 100GB mSATA storage on IR829M models	■1255 CPU units for edge compute ■862MB memory ■701MB storage ■Can add storage module with ability for mSATA SSD (65GB)
Power Consumption	■6.7w typical ■10w max	■15w typical ■19w max	■40w typical ■70w max with PoE option	■10w typical ■12w max
Other Features	IP30, Fanless	IP30, Fanless	■IP40 (IP54 enclosure available), Fanless ■Shock and vibration proof	IP30, Fanless
Dimensions (inches) and Availability	1.84 X 5.07 X 4.37 in North America and Europe	1.15 X 5.05 X 6.27 (globally)	1.73 X 11 X 7.7 (globally)	2.36 x 5.22 x 4.92 in North America and Europe

^1.https://www.cisco.com/c/en/us/products/collateral/routers/800-series-industrial-routers/datasheet-c78-739643.html

^2.https://www.cisco.com/c/en/us/products/collateral/routers/809-industrial-router/datasheet-c78-734980.html

^3.https://www.cisco.com/c/en/us/products/collateral/routers/829-industrial-router/datasheet-c78-734981.html

^4.https://www.cisco.com/c/en/us/products/collateral/routers/1101-industrial-integrated-services-router/datasheet-c78-741709.html

Designing Your Solution

Target Customers and Markets

Target customers for the Cisco RaMA solution have similar application requirements for connecting their assets, as shown in Table 2.

Table 2 Application Requirements
Typical Applications	Platform Requirements
Remote Assets
Telemetry	SCADA-certified, ruggedized routers to meet stringent specifications
Asset Control	Edge compute options for automation and legacy protocols
Predictive Maintenance	Architecture for remote machine access and data acquisition
Mobile Assets
Telematics	Best practices to deploy and manage at scale with a limited IT staff
Automatic Vehicle Location (AVL)	Integrated GPS and geofencing
Computer-Aided Dispatch (CAD)	Enterprise application integration using edge compute

Despite these similarities, the target segments also have distinct requirements based on their industry. Typical users fall into six categories with a number of vertical industries covered by each, as shown in Table 3.

Table 3 Target Customers and Markets
Segment Category	Description	Sample Requirements
Remote Assets
Connected Machines	Enterprises with industrial equipment at distributed customer and indoor locations. Includes: ■Conveyor belts, escalators, etc. ■Indoor equipment	■Real-time telemetry of machines at customer locations ■Preventative maintenance/control without a truck roll ■Flexible routing options based on available connectivity
Outdoor Equipment	Enterprises and public sector entities with industrial equipment in the field or at outdoor locations, including: ■Oil and gas companies ■Roadways and traffic management ■Utilities	■Ingress Protection (IP)-rated equipment to meet stringent temperature, dust, and operating specifications ■Edge compute options for legacy protocols ■SCADA-ready
Remote Sites	Connectivity for remote and distributed sites, including: ■Retail and distribution centers ■Kiosks	■Remote setup and operations by field workers ■Reliable data access and options for additional network services ■Simplified cloud management
Mobile Assets
Service Fleets	Enterprises that use large fleets to deliver customer services as an extension of their business, including: ■Utilities ■Telco and cable ■Specialized freight	■Extend enterprise network to vehicles ■Enterprise application integration using edge compute ■Enterprise VPN termination and unified Wi-Fi policies
Buses and Taxis	Enterprises that use vehicles as their primary means of service delivery, including: ■Bus companies ■Taxi companies	■Growing range of in-vehicle services (such as ticketing, Wi-Fi, video entertainment, and video cameras) ■Vehicle telemetry, performance tracking, and driver safety ■Deploy and manage at scale with limited IT staff
Public Safety Vehicles	Cities and municipalities that use fleets of specialized vehicles for citizen and municipal services, including: ■Police vehicles ■Ambulances ■Fire trucks	■Lives depend on an always-on connectivity ■Frequent increase in vehicle devices (such as computers, dash cams, and sensors) ■Multiple connectivity options (such as Single-LTE/Dual-LTE and Wi-Fi)

Because of the flexibility of the Industrial Routers and the Kinetic GMM software, the Cisco RaMA CVD describes a number of available options. Table 4 and Table 5 provide sample guidance for basic connectivity versus advanced connectivity to provide a flavor for the range of possibilities.

■The basic connectivity option provides basic internet connectivity for edge device(s) behind the IR, with a focus on easy deployment and minimal requirements from the enterprise network.

■The advanced connectivity option provides more complex architectures for experienced customers to use their edge gateways as a full extension of the enterprise.

All gateway configuration options shown throughout are implemented using Cisco Kinetic GMM config templates. Table 4 and Table 5 are examples that demonstrate the range of design options available through Kinetic GMM. Actual customer requirements should drive the technology decisions since those use cases may look different from the options shown below.

Although Cisco IOS provides many more options and features, these are outside the scope of this document. Mixing Kinetic GMM and manual configuration is not recommended. For use cases that require advanced IOS configuration not exposed via Base Kinetic GMM config templates, we recommend using the Advanced Templates feature within Kinetic GMM.

Table 4 Remote Assets Use Cases
	Basic Connectivity	Advanced Connectivity, including Edge Applications
Hardware	IR807	IR1101
WAN backhaul	Single cellular Single SIM Wired Fast Ethernet	Single cellular standard Optional dual cellular (with expansion module) Dual SIM 5G ready Wired Gigabit Ethernet
Edge device connectivity	Wired Fast Ethernet Serial	Wired Fast Ethernet Serial
Outbound connectivity from gateway	Public APN for cellular, access to any resource exposed to the Internet	Private APN or Public APN + FlexVPN, access to enterprise (and internet)
Inbound connectivity to gateway and edge devices	Kinetic GMM remote access	FlexVPN site-to-site tunnel
LAN addressing	Kinetic GMM assigned addressing and NAT	Custom subnet, routed mode, and VRF
Edge device authentication	None	None
Compute onboard router		IOx

Table 5 Mobile Assets Use Cases
	Basic Connectivity	Advance Connectivity
Hardware	IR829 family
WAN backhaul	Single cellular Dual SIM Wired Gigabit Ethernet	Dual cellular Dual SIM Wired Gigabit Ethernet Wi-Fi WGB
Edge device connectivity technology	802.11n wireless, autonomous mode Wired Gigabit Ethernet Serial No PoE	802.11n wireless, autonomous mode Wired Gigabit Ethernet PoE (optional) Serial
Outbound connectivity from gateway	Public APN for cellular, access to any resource exposed to the Internet	Private APN, or Public APN + FlexVPN, access to enterprise (and Internet)
Inbound connectivity to gateway and edge devices	Kinetic GMM remote access	FlexVPN site-to-site tunnel
LAN addressing	Kinetic GMM-assigned addressing and NAT	Custom subnet, routed mode, and VRF
Edge device authentication	Wireless-WPA2 PSK	Wireless-WPA2 with 802.1X
Compute onboard router	IOx No mSATA	IOx with optional mSATA storage

A collection of scripts and Advanced Templates has been posted to GitHub. This collection includes Python scripts that can be used to create these recommended templates for various use cases in Kinetic GMM. This regularly updated repository contains many of the examples shown throughout this CVD and more:
https://github.com/CiscoDevNet/iot-gateway-management

Cisco Industrial Router Portfolio

This section describes the Cisco IR portfolio in terms of hardware and networking features. When evaluating specific hardware or software features in this section, the Industrial Router platforms that support the described feature are indicated.

Cisco IR807 Ruggedized Gateway

The Cisco IR807 is a compact multimode 3G and 4G LTE wireless router. It provides an ideal solution for remote asset management across power-constrained industry segments such as distribution automation and other energy applications.

Figure 3 Cisco IR807 Ruggedized Gateway

■Cisco IR807 Datasheet:
https://www.cisco.com/c/en/us/products/collateral/routers/800-series-industrial-routers/datasheet-c78-739643.html

■Cisco IR807 Hardware Installation Guide:
https://www.cisco.com/c/en/us/td/docs/routers/access/800/807/hardware/install/guide/b_IR807hwinst.html

Cisco IR809 Ruggedized Gateway

The IR809 is Cisco's smallest multimode 3G and 4G LTE wireless router, which makes it an excellent solution for use cases where a full featured router with edge compute is required and space is a constrained.

Figure 4 Cisco IR809 Ruggedized Gateway

■Cisco IR809 Datasheet:
https://www.cisco.com/c/en/us/products/collateral/routers/809-industrial-router/datasheet-c78-734980.html

■Cisco IR809 Hardware Installation Guide:
https://www.cisco.com/c/en/us/td/docs/routers/access/800/809/hardware/install/guide/b_809hwinst.html

Cisco IR829 Ruggedized Gateway

The IR829 is Cisco's flagship IoT gateway, purpose built for deployment on board a vehicle. The optional Dual-LTE feature provides multi-path LTE and/or WAN backhaul for mission-critical IoT initiatives requiring highly-secure data delivery, edge application execution, and redundant connectivity. With two LTE modems, the IR829 can concurrently connect to two cellular networks for high reliability, enhanced data throughputs, load balancing, and differentiated services.

Figure 5 Cisco IR829 Ruggedized Gateway

■Cisco IR829 Datasheet:
https://www.cisco.com/c/en/us/products/collateral/routers/829-industrial-router/datasheet-c78-734981.html

■Cisco IR829 Hardware Installation Guide:
https://www.cisco.com/c/en/us/td/docs/routers/access/800/829/hardware/install/guide/b_IR829-HIG.html

Key features of the IR829 include:

■Seamless switching between wireless networks without manual intervention to ensure transparency to users. Devices (laptops, smart devices, sensors, and cameras) and applications maintain continuous connectivity as the WAN links change.

■Allows an entire mobile network or subnet to stay connected since the dual-radio 2.4GHz and 5 Ghz WLAN can serve as both clients and access points.

■Built-in GPS systems to track vehicle fleets.

■Dual Subscriber Identity Module (SIM) support for reliability and multi-homing capabilities over LTE and HSPA-based networks. The two SIMs operate in active/backup mode on the single LTE models of the IR829. On the Dual-LTE IR829, the two SIMs can operate in active/active mode with each of the SIMs assigned to different cellular carriers

Dual SIM active/backup mode is supported only on single LTE models of the IR829.

Cisco IR1101 Ruggedized Gateway

The Cisco IR1101 Integrated Services Router Rugged (IR1101) is Cisco's smallest modular industrial router. Designed in a highly modular form factor, it is an ideal solution for remote asset management across multiple industrial vertical markets.

Figure 6 Cisco IR1101 Ruggedized Gateway

Figure 7 Cisco IR1101 Expansion Module

■Cisco IR1101 Datasheet:
https://www.cisco.com/c/en/us/products/collateral/routers/1101-industrial-integrated-services-router/datasheet-c78-741709.html

■Cisco IR1101 Hardware Installation Guide:
https://www.cisco.com/c/en/us/td/docs/routers/access/1101/hardware/installation/guide/1101hwinst.html

Select Hardware Features

Choice of Antennas

All Cisco hardware offer a wide range of antenna options to support the use case requirements. Best practices for antenna installation include:

■Antenna should offer MIMO on LTE. Without MIMO, WCDMA, UMTS, HSPA, and DC-HSPA+ are only possible for diversity. In the case of 3G UMTS, a solo antenna limits switching to the diversity port.

■Install the router with two antennas (Main and Aux) to guarantee the best performance level. A single antenna may affect downlink performance by more than 3dB and by as much as 20dB because of multipath fading (destructive interference between direct and reflected radio waves).

■We recommend the use of multi-element antennas (5-in-1, 3-in-1, 2-in-1) to avoid streams interfering with each other. If, instead, MIMO antennas that have a strong correlation coefficient were installed, the system may have trouble separating them (leading to interference).

■On the IR829, ensure physical spacing between antennas to allow for RF isolation between different radios. The router requires a guaranteed >15dB (ideally 20-25dB) isolation between Wi-Fi and LTE antennas to ensure optimum performance.

For guidance on antenna installation for the different gateways (Cellular Antenna, WLAN Antenna-5 Ghz, WLAN Antenna- 2.4GHz), refer to the Cisco Industrial Routers and Industrial Wireless Access Points Antenna Guide at:
https://www.cisco.com/c/en/us/td/docs/routers/connectedgrid/antennas/installing-combined/industrial-routers-and-industrial-wireless-antenna-guide.html

To help with antenna selection, refer to the Antenna Selection Table at:
https://www.cisco.com/c/en/us/td/docs/routers/connectedgrid/antennas/installing-combined/industrial-routers-and-industrial-wireless-antenna-guide/Antenna-Selection.html

SIM-based Auto-Carrier Selection (AutoSIM)

The router automatically detects the active SIM and configures its modem for the appropriate cellular carrier when an active SIM is inserted and powered up, which provides a number of benefits including:

■Simplified configuration and reduced setup time

■Single SKU for all carriers

■Simplified procurement, reduced inventory complexity, and simplified deployments

Figure 8 Industrial Router Auto SIM

Gyroscope/Accelerometer

The IR829 includes a built-in gyroscope and accelerometer that can detect linear acceleration and angular movement. This functionality could be used to detect equipment tampering or assist in automotive applications where movement is involved. Devices connected to the serial port can access the accelerometer and gyroscope data through the IOS CLI or IOx. These routers will, by default, take an accelerometer and gyroscope reading every second. However, the configuration can be changed to take a reading once every six or 60 seconds.

SSD Storage

The IR1101 Expansion module supports an optional mSATA Solid State Disk that is available in 100 GB capacity. This replaces the 4 GB of disk built-in storage available in the main unit and is only visible and usable in IOx. Once the module is installed, no additional configuration is needed to use the extra disk space. Since this module is not hot-swappable, the router will need to be powered off before installing the module.

The IR829-M models offer the option for an mSATA Solid State Disk that is available in 50 and 100 GB capacities. This replaces the four GB of disk storage available in other IR829 models and is only visible and usable in IOx. Once the module is installed, no additional configuration is needed to use the extra disk space. Since this module is not hot-swappable, the router will need to be powered off before installing the module.

For additional information on the mSATA SSD module, refer to mSATA SSD as Additional Storage at:
https://www.cisco.com/c/en/us/td/docs/routers/access/800/829/software/configuration/guide/b_IR800config/b_IR800config_chapter_01011.pdf

General Purpose I/O (GPIO)

The IR1101 Expansion has a connector for GPIO. The Digital I/O connector has four GPIO connections plus one Return connection. The Digital I/O supports Both Dry and Wet contacts up to 60Volts.

■Dry contact is isolated from a voltage source (or “No Volt”), with an embedded relay function (NPN transistor), usually used to indicate an event. For example: open/close, alarm.

■Wet contact is a contact with external power (+3.3V to +60V, max 150mA of current allowed at high voltage) applied, usually used to energize something. For example: solenoid, light.

For additional information on the GPIO pinouts, refer to Expansion Module product overview at:
https://www.cisco.com/c/en/us/td/docs/routers/access/1101/b_IR1101HIG/b_IR1101HIG_chapter_01.html#con_1238158

Ignition Power Management

The Ignition Power Management feature helps keep the IR829 gateway up and running while the vehicle is stopped without draining the vehicle battery. Additional benefits of the Ignition Power Management system include:

■Zero boot up time (no cold start) because the platform stays powered up for a pre-determined period of time when the vehicle engine is turned off. The pre-determined period is programmable between 60 to 7200 seconds (2H00) using the IOS ignition off-timer command.

■Energy management by allowing users to program automatic power-down of the router when the vehicle battery drops below a certain voltage threshold.

■Vehicle power fluctuations can be mitigated since the IR829 withstands the cold crank down to 6V for a period of time specified in the ISO-7637-2.

■IOS-based discharge management to prevent battery discharge by turning the router off if the vehicle has the ignition off for a period of time (programmable) and protects the router by turning the router off if the battery voltage rises above a certain level (fixed amount of time).

■Automatic event logging including ignition state (on or off), ignition-off timer expiry, features enabled or disabled through the CLI, and under-voltage and over-voltage events.

Figure 9 Ignition Power Management Features

Figure 10 Ignition Power Management

Ordering Information

An updated list of supported hardware and firmware versions is maintained at:
https://developer.cisco.com/docs/kinetic/#!supported-gateways-and-firmware/supported-gateways

To enable Cisco Kinetic GMM on Cisco gateways, order the following option in the catalog:

■Option PID: IR-CLOUD-MGMT-Enable the gateway to be ready for cloud management.

Full ordering information is covered in the Ordering Guide:
https://www.cisco.com/c/dam/en/us/products/se/2018/12/Collateral/kinetic-ess-cloud-og.pdf

When ordering new gateways for greenfield deployments, use one of the following base routers:

■IR807

■IR809

■IR829

■IR1101

Once the base router is selected, options for specific hardware models and Kinetic GMM subscription terms are made available. The available hardware SKUs supported in Kinetic GMM are listed in the next section.

Kinetic GMM Gateway Compatibility

Kinetic GMM supports the management of Cisco IR 8x9 series gateways, which currently includes the IR807, IR809, IR829, and IR1101 models as shown in Table 6, Table 7, Table 8, Table 9, and Table 10.

Table 6 IR807 and IR809 Hardware SKUs
Region	IR807	IR809
North America (US AT&T, Canada)	IR807G-LTE-NA-K9	IR809G-LTE-NA-K9
US-Verizon	IR807G-LTE-VZ-K9	IR809G-LTE-VZ-K9
Europe	IR807G-LTE-GA-K9	IR809G-LTE-GA-K9
APJC and Latin America	--	IR809G-LTE-LA-K9

Because of the differences in LTE bands supported by different operators across the globe, we encourage you to consult in-country sales resources to validate ordering information for your country. Table 7 contains the available SKUs when this document was published.

Table 7 IR829 Hardware SKUs
Region	IR829M (with mSATA + PoE Option, Single or Dual LTE)	IR829B (Single LTE, No mSATA or PoE)	IR829-2LTE (Dual LTE, PoE Option, no mSATA)	IR829GW (PoE option, no mSATA)
North America (US AT&T)	IR829M-LTE-EA-BK9 IR829M-2LTE-EA-BK9	IR829B-LTE-EA-BK9	IR829-2LTE-EA-BK9	--
US-Verizon	--	--	--	IR829GW-LTE-VZ-AK9
Canada	IR829M-LTE-EA-AK9 IR829M-2LTE-EA-AK9	IR829B-LTE-EA-AK9	IR829-2LTE-EA-AK9	IR829GW-LTE-NA-AK9
Europe	IR829M-LTE-EA-EK9 IR829M-2LTE-EA-EK9	IR829B-LTE-EA-EK9	IR829-2LTE-EA-EK9	IR829GW-LTE-GA-EK9
APJC Australia New Zealand China Hong Kong India Japan Korea Malaysia	IR829M-LTE-LA-ZK9	--	--	IR829GW-LTE-GA-SK9 IR829GW-LTE-GA-ZK9 IR829GW-LTE-LA-ZK9 IR829GW-LTE-LA-HK9 IR829GW-LTE-LA-SK9 IR829GW-LTE-LA-QK9 IR829GW-LTE-LA-QK9 IR829GW-LTE-LA-KK IR829GW-LTE-GA-CK9 IR829GW-LTE-LA-LK9
Latin America Brazil Panama	IR829M-LTE-LA-ZK9	--	--	IR829GW-LTE-LA-ZK9 IR829GW-LTE-LA-NK9

Table 8 IR1101 Hardware SKUs
Router Part #	Description
IR1101-K9	Cisco IR1101 Integrated Services Router Rugged with SL-IR1101-NE (Network Essentials) software license
IR1101-A-K9	Cisco IR1101 Integrated Services Router Rugged with SL-IR1101-NA (Network Advantage) software license
Expansion Module Part #
IRM-1100-SPMI	Expansion module for dual active LTE, 1 GE SFP and 1 Pluggable Module, 1 Digital GPIO Connector, and 1 mSATA SSD Slot.
IRM-1100-SP	Expansion module for dual 7active LTE, 1 GE SFP and 1 Pluggable Module.
IR1100-SSD-100G	100 GB mSATA SSD
Cellular Module Part #
P-LTEA-EA(=)	Category 6 LTE module for North America, Europe and Middle East
P-LTEA-LA(=)	Category 6 LTE module for Asia Pacific and Latin America
P-LTE-MNA(=)	Category 4 LTE module for AT&T (FirstNet) and Verizon, US
P-LTE-US(=)	Category 4 LTE module for AT&T, U.S
P-LTE-VZ(=)	Category 4 LTE module for Verizon, U.S
P-LTE-GB(=)	Category 4 LTE module for Europe
P-LTEAP18-GL	Category 18 LTE module North America, Europe, Japan, Australia and NZ
Power Supply Part #
PWR-IE50W-AC-L=	AC power adapter for 110/220V AC and 88-300V DC input (temperature profile: -40C to 60C)

Table 9 IR1101 Cellular Modules: Available LTE Advanced (3GPP Category 6) Modules
Region	P-LTEA-EA	P-LTEA-LA
LTE Bands	LTE bands 1-5, 7, 8, 12, 13, 20, 25, 26, 29, 30, and 41 FDD LTE 700 MHz (band 12), 700 MHz (band 29), 800 MHz (band 20), 850 MHz (band 5 CLR), 850 MHz (band 26 Low), 900 MHz (band 8), 1800 MHz (band 3), 1900 MHz (band 2), 1900 MHz (PCS band 25), 1700 MHz and 2100 MHz (band 4 AWS), 2100 MHz (band 1), 2300 MHz (band 30), or 2600 MHz (band 7) TDD LTE 2500 MHz (band 41) Carrier aggregation band combinations: 1+8; 2+(2,5,12,13,29); 3+(7,20); 4+(4,5,12,13,29); 7+(7,20); 12+30, 5+30, and 41+41	LTE bands 1, 3, 5, 7, 8, 18, 19, 21, 28, 38, 39, 40, and 41 FDD LTE 700 MHz (band 28), 850 MHz (band 5 CLR), 850 MHz (bands 18 and 19 Low), 900 MHz (band 8), 1500 MHz (band 21), 1800 MHz (band 3), 2100 MHz (band 1), or 2600 MHz (band 7) TDD LTE 1900 MHz (band 39), 2300 MHz (band 40), 2500 MHz (band 41), or 2600 MHz (band 38) Carrier aggregation band combinations: 1+(8,18,19,21); 3+(5,7,19,28); 7+(5,7,28); 19+21, 38+38, 39+39,40+40, and 41+41
United States	Verizon, AT&T Mobile
Canada	Yes
Australia & New Zealand		Yes
Japan		Yes
India, Singapore, Malaysia, Thailand		Yes
UAE	Yes

Table 10 IR1101 Cellular Modules: Available LTE (3GPP Category 4) Modules
Region	P-LTE-VZ	P-LTE-US	P-LTE-GB	P-LTE-MNA	P-LTEAP18-GL
LTE Bands	LTE bands 4, 13 FDD LTE 700 MHz (band 13), 1700 MHz and 2100 MHz (band 4 AWS)	LTE bands 2, 4, 5, 12 FDD LTE 700 MHz (band 17), 700 MHz (band 12), 850 MHz (band 5 CLR), 1700 MHz and 2100 MHz (band 4 AWS)	LTE bands 1, 3, 7, 8, 20, 28 FDD LTE 700 MHz (band 28), 800 MHz (band 20), 900 MHz (band 8), 1800 MHz (band 3), 2100 MHz (band 1), and 2600 MHz (band 7)	LTE bands 2,4,5,12,13,14,17,66 FDD LTE 1700 MHz and 2100 MHz (band 66 Ext AWS), 700 MHz (band 17, 14, 13,12), 850 MHz (band 5 CLR), 1700 MHz and 2100 MHz (band 4 AWS), 1900 MHz (band 2).	LTE bands 1-5, 7, 8, 12-14, 17, 18-20, 25, 26, 28-30, 32, 38-43, 46, 48, 66, and 71. FDD LTE 600 MHz (band 71), 700 MHz (bands 12, 13, 14, 17, 28, and 29), 800 MHz (band 20), 850 MHz (bands 5, 18, 19, and 26), 900 MHz (band 8), 1500 MHz (band 32), 1700 MHz (bands 4 and 66), 1800 MHz (band 3), 1900 MHz (bands 2 and 25), 2100 MHz (band 1), 2300 MHz (band 30), 2600 MHz (band 7). TDD LTE 1900 MHz (band 39), 2300 MHz (band 40), 2500 MHz (band 41), 2600 MHz (band 38), 3500 MHz (bands 42 and 48), 3700 MHz (band 43), 5200 MHz (band 46)
United States	Verizon	AT&T Mobile		Multicarrier (AT&T and Verizon)	Yes
Europe			Yes		Yes
Band 14				Yes
FirstNet Certification				In Progress

Kinetic GMM Subscription Details

Kinetic GMM is available as part of the Cisco Kinetic platform subscription. Cloud-hosted Kinetic GMM is sold based on the number of gateways under management. You can purchase a subscription for a 12, 36, or 60-month period. Since Cisco Kinetic GMM is a cloud-hosted platform, you will automatically receive periodic updates to stay up-to-date with the latest version of the software. You can choose to prepay the subscription price for the entire term or on an annualized basis.

Kinetic GMM Services and Support

Your Kinetic GMM base software subscription entitles you to limited 12x5 phone/TAC support. The limited support includes access to trained TAC personnel via phone, web, and email. In addition, support includes the continuous monitoring of the Kinetic Cloud Operations. You can also access online resources, including the knowledge base and tutorials. No additional products, licenses, or fees are required to access basic support services with the Cisco Kinetic GMM subscription. Enhanced support is available for an additional fee.

Common Issues and Troubleshooting

For additional detailed troubleshooting procedures, refer to:
https://developer.cisco.com/docs/kinetic/#!gateway-diagnostics

Common Gateway Issues

Stuck in Registering for more than 10 minutes.

This usually indicates that the gateway is not able to contact Cisco Kinetic:

■For cellular gateways, ensure that a SIM card was inserted and has a valid data plan.

■If Ethernet-based gateways are used, verify that the required network ports are open and that no firewalls are blocking the gateway from reaching the internet.

Stuck in the In Progress State for more than 10 minutes:

■Ensure that the gateway did not go offline and internet connectivity is still present.

■Check the Gateway Event Logs under the Gateway Details page to see if the gateway registered successfully and was configured.

■Verify that the WAN interface configuration is correct in the template used to claim the gateway.

Gateway is in Failed State:

■Ensure that the gateway did not go offline and internet connectivity is still present.

■Check that the gateway model and model for the associated template are the same.

■Verify that the WAN interface configuration is correct in the template used to claim the gateway.

GPS Troubleshooting

If the gateway location is not being updated correctly on the map view:

■Wait for the update to occur. The gateway location is updated every 30 seconds.

■Verify that GPS is enabled on the Gateway Details -> Current Config page.

■If GPS is not in enabled state, check if the gateway was claimed using a configuration that enabled GPS. This can be checked in the Gateway Event Logs. There will be an entry indicating the configuration that was applied to the gateway. Ensure that the proper configuration was applied.

■Ensure that the correct GPS antennas are attached to the gateway.

■Delete and reclaim the gateway with the correct configuration if required.

Login Troubleshooting

■Ensure that you or your user has a valid account in the portal.

■Click Forgot Password to reset a password.

Private Subnet Troubleshooting

If the devices connected to the gateway are not getting assigned the right DHCP IP addresses:

■If private subnet is not enabled, the devices will be assigned IP addresses from Cisco Kinetic.

■Verify that the private subnet is enabled on the Gateway Details -> Current Config page.

■If private subnet is not enabled, check if the gateway was claimed using a configuration that enabled private subnet. This can be checked in the Gateway Event Logs. There will be an entry indicating the configuration that was applied to the gateway. Ensure that the proper configuration was applied.

■Verify that the configuration details entered for configuration are correct.

■Delete and reclaim the gateway with the correct configuration if required.

Customer VPN Troubleshooting

If the gateway is not able to establish a tunnel with the HER:

■Verify that VPN is enabled on the Gateway Current Config page.

■If the VPN is not enabled, check if the device was claimed using a configuration that enabled the Customer VPN. This can be checked in the Gateway Event Logs. There will be an entry indicating the configuration that was applied to the gateway. Ensure that the proper configuration was applied.

■Verify that the details entered for the VPN configuration are correct.

■Verify that the configuration on your HER is correct and that it allows the gateways to establish tunnels with the provided configuration.

■Delete and reclaim the gateway with the correct configuration if required.

Note: A known issue exists where site-to-site VPN tunnels and the site-to-site VPN tunnel IP Address on the Gateway Details page can take up to 30 minutes to update after it is successfully enabled.

WGB Troubleshooting

If the gateway is not able to connect to the root access point:

■Verify that WGB is enabled on the Gateway Details -> Current Config page.

■If it is not enabled, check if the gateway was claimed using a configuration that enabled WGB. This can be checked in the Gateway Event Logs. Note:

■Confirm that the details entered for the WGB configuration are correct.

■Ensure that the correct antennas are attached to the gateway.

■WGB is supported only on the 5GHz radio. Verify that the root access point is compatible with this.

■Make sure the radio frequencies between AP and the WGB device are in the same domain and have a common frequency.

■Use the command show controller Dot11 1 frequency to display the frequency channels.

Ideally, there will be many overlapping non-DFS channel between the IR829 gateway’s AP and the root AP.

■Delete and reclaim the gateway with the correct configuration if required.

Note: WGB is supported only on IR829 gateways that use cellular as the uplink and is not supported on IR809 gateways and Ethernet enabled IR829 gateways.

Wi-Fi Troubleshooting

If you are not able to connect any devices to the Wi-Fi hotspot configured on the gateway:

■Ensure that the correct SSID and preshared key are entered into the device.

■Ensure that the correct antenna is attached to the gateway and that the device is within range.

■Verify that Wi-Fi is enabled on the Gateway Details -> Current Config page.

■If Wi-Fi is not enabled, check if the gateway was claimed using a configuration that enabled Wi-Fi. This can be checked in the Gateway Event Logs. There will be an entry indicating the configuration that was applied to the gateway. Ensure that the proper configuration was applied. Delete and reclaim the gateway with the correct configuration, if required.

■If WGB is also enabled on the gateway, then Wi-Fi works only on the 2.4 GHz radio.

■Wi-Fi is supported only on the IR829 gateways (not supported on IR809 devices).

For additional information on troubleshooting:

■ https://developer.cisco.com/docs/kinetic/#!gateway-configuration-troubleshooting

■ https://developer.cisco.com/docs/kinetic/#!deploy-your-gateways/troubleshooting

Appendix A—Firewall Ports for Kinetic GMM to Gateway Communication

Cisco Kinetic requires specific TCP/UDP network ports and IP protocols to be opened on the network firewall to communicate with the gateways. For the recommended settings, refer to https://developer.cisco.com/docs/kinetic/#!requirements/admin-console-requirements,

Table 11 TCP/UDP Ports
Port	Protocol	Destination	Description	Required for Kinetic Module
53	UDP	IP of assigned DNS server	GW must have access to DNS resolution service. Domain Name System (DNS) us.ciscokinetic.ioeu.ciscokinetic.io	GMM and DCM
123	UDP	NTP Server: 129.6.15.30	Network Time Protocol (NTP)	GMM and DCM
500	UDP	US cluster: 34.208.182.252 EU cluster: 34.240.190.128	Bidirectional access is required for the Internet Security Association and Key Management Protocol (ISAKMP)/Internet Key Exchange (IKE)	GMM and DCM
4500	UDP	US cluster: 34.208.182.252 EU cluster: 34.240.190.128	Bidirectional access is required for IPSec NAT Traversal	GMM and DCM
8883	TCP	US cluster: Name resolution of us.ciscokinetic.io EU cluster: Name resolution of eu.ciscokinetic.io The DNS name us.ciscokinetic.io resolves to: 54.71.117.77 34.216.139.206 52.11.218.197 The DNS name eu.ciscokinetic.io resolves to: 52.212.193.126 54.194.175.23 34.252.252.200	Secure MQTT (MQTT over TLS) for the data pipeline. Required for Cisco Kinetic DCM only when publishing to the Kinetic cloud. You can use MQTT over Web sockets (TCP 443) instead.	DCM
443	TCP	US cluster: Name resolution of mqtt-us.ciscokinetic.io EU cluster: Name resolution of mqtt-eu.ciscokinetic.io The DNS name us.ciscokinetic.io resolves to: 54.71.117.77 34.216.139.206 52.11.218.197 The DNS name eu.ciscokinetic.io resolves to: 52.212.193.126 54.194.175.23 34.252.252.200	Secure MQTT (MQTT over Web Socket) for the data pipeline. Required for Cisco Kinetic DCM only when publishing to the Kinetic cloud. Can use MQTT over TLS instead.
9123	TCP	US cluster: Name resolution of us.ciscokinetic.io EU cluster: Name resolution of eu.ciscokinetic.io The DNS name us.ciscokinetic.io resolves to: 54.71.117.77 34.216.139.206 52.11.218.197 The DNS name eu.ciscokinetic.io resolves to: 52.212.193.126 54.194.175.23 34.252.252.200	Call-home registration. Required for all gateways shipped from Cisco November 15, 2018 or earlier or if the gateway was provisioned using a GPT version 1.91.2.7 or earlier.	GMM
9124	TCP	US cluster: Name resolution of us.ciscokinetic.io EU cluster: Name resolution of eu.ciscokinetic.io The DNS name us.ciscokinetic.io resolves to: 54.71.117.77 34.216.139.206 52.11.218.197 The DNS name eu.ciscokinetic.io resolves to: 52.212.193.126 54.194.175.23 34.252.252.200	Call-home registration. Required for all gateways shipped from Cisco on or after November 16, 2018 or if the gateway was provisioned using GPT version 1.91.2.8 or later.	GMM

Table 12 IP Protocol Requirements
Port	Protocol	Destination	Description	Required for Product
50	IP	US cluster: 34.208.182.252 EU cluster: 34.240.190.128	Encapsulating Security Payload (ESP)	GMM and DCM

Appendix B—Hardware and Software Matrix

Table 13 lists the individual component versions that have been validated to work together as part of the CVD test effort.

Table 13 Validated Component Versions
Component	Hardware	Software
VPN HER	ASR1002-HX	IOS-XE 16.9.2
Mobile Gateway	Industrial Router 829	IOS Version 15.8(3)M2a Modem Firmware: SWI9X30C_02.20.03.00 Embedded AP: 15.3(3)JI1
Remote Gateway	Industrial Router 807 Industrial Router 809 Industrial Router 1101	IOS for IR807, IR809: 15.8(3)M2a IOS-XE for IR1101: 16.11.1 IR807 modem: SWI9X07Y_02.18.05.00 IR809 modem: SWI9X15C_05.05.58.00
Hypervisor	VMWare ESXi	Version 6.5.0
Wireless LAN Controller	Cisco Virtual Wireless Controller	Version 8.3.143.0
RADIUS Server	CentOS VM + FreeRADIUS	Version 7.5.1804 (Core) FreeRADIUS Version 3.0.13
Lightweight Access Point	Cisco Aironet 3702	Primary Software Version 8.3.143.0 IOS Version 15.3(3)JD16
Cisco Identity Services Engine (ISE)	Virtual machine	2.4.0.357
Microsoft Active Directory (AD)	Virtual machine	Windows Server 2016 version 1607
Cisco Prime Network Registrar (CPNR)	Virtual machine	10.0.0.1

Glossary

Term	Definition
AAA	Authentication, Authorization, and Accounting
AP	Access Point
APN	Access Point Name
AR	Active Router
CAPWAP	Control and Provisioning of Wireless Access Points
CLB	Cluster Load Balancing
CVD	Cisco Validated Design
DMVPN	Dynamic Multipoint VPN
DNS	Domain Name System
DoS	Denial of Service
DPD	Dead Peer Detection
EAP	Extensible Authentication Protocol
EAPoL	EAP over LAN
EEM	Embedded Event Manager
GMM	Cisco Kinetic Gateway Management Module
GPT	Cisco Kinetic Gateway Provisioning Tool
GRE	Generic Routing Encapsulation
HER	Headend Router
HSPA	High Speed Packet Access
HSRP	Hot Standby Router Protocol
ICMP	Internet Control Message Protocol
IDS	Intrusion Detection System
IKE	Internet Key Exchange
IoT	Internet of Things
IPS	Intrusion Prevention System
IR	Industrial Router
ISAKMP	Internet Security Association and Key Management Protocol
ISE	Cisco Identity Services Engine
LAP	Lightweight Access Point
LLG	Least Loaded Gateway
LTE	Long Term Evolution
LWAP	Lightweight Access Point
MIMO	Multiple-Input and Multiple-Output
MPLS	Multiprotocol Label Switching
MQC	Modular QoS
mSATA	mini-Serial Advanced Technology Attachment
NAT	Network Address Translation
NGE	Cisco Next-Generation Encryption
NHRP	Next Hop Resolution Protocol
NTP	Network Time Protocol
PoE	Power over Ethernet
PSK	Pre-Shared Keys
RaMA	Cisco Remote and Mobile Assets
RFC	Request for Comments
RHEL	Red Hat Enterprise Linux
RTU	Remote Terminal Unit
SCADA	Supervisory Control and Data Acquisition
SFP	Small Form-Factor Pluggable
SIM	Subscriber Identification Module
SVI	Switched Virtual Interface
UDP	User Datagram Protocol
VIP	Virtual IP address
VPN	Virtual Private Network
VRF	Virtual Route Forwarding
VTI	Virtual Tunnel Interface
vWLC	virtual Wireless LAN Controller
WAF	Web Application Firewall
WAN	Wide Area Network
WGB	Workgroup Bridge
WLC	Cisco Wireless LAN Controller
ZTD	Zero-Touch Deployment

Was this Document Helpful?

Feedback

Contact Cisco

Open a Support Case
(Requires a Cisco Service Contract)

Remote and Mobile Assets Design and Implementation Guide

Bias-Free Language

Results

Chapter: Technology Guidance

Remote and Mobile Assets—Technology Guidance

Overview

Requirements

Design Considerations

Selecting the Router

Designing Your Solution

Target Customers and Markets

Cisco Industrial Router Portfolio

Cisco IR807 Ruggedized Gateway

Cisco IR809 Ruggedized Gateway

Cisco IR829 Ruggedized Gateway

Cisco IR1101 Ruggedized Gateway

Select Hardware Features

Choice of Antennas

SIM-based Auto-Carrier Selection (AutoSIM)

Gyroscope/Accelerometer

SSD Storage

General Purpose I/O (GPIO)

Ignition Power Management

Ordering Information

Kinetic GMM Gateway Compatibility

Kinetic GMM Subscription Details

Kinetic GMM Services and Support

Common Issues and Troubleshooting

Common Gateway Issues

GPS Troubleshooting

Login Troubleshooting

Private Subnet Troubleshooting

Customer VPN Troubleshooting

WGB Troubleshooting

Wi-Fi Troubleshooting

Appendix A—Firewall Ports for Kinetic GMM to Gateway Communication

Appendix B—Hardware and Software Matrix

Glossary

Term

Definition

Was this Document Helpful?

Contact Cisco