Have an account?

  •   Personalized content
  •   Your products and support

Need an account?

Create an account

Remote and Mobile Assets Design and Implementation Guide

Book Contents
Find Matches in This Book
Available Languages
Download Options

Book Title

Remote and Mobile Assets Design and Implementation Guide

Chapter Title

Technology Guidance

Results

Updated:
August 21, 2019

Chapter: Technology Guidance

Remote and Mobile Assets—Technology Guidance

 

This module is part of the larger Remote and Mobile Assets (RaMA) Cisco Validated Design (CVD). Refer to the other modules for additional details about certain aspects of the architecture that are touched on in this module. All of the RaMA CVD modules are available at: www.cisco.com/go/rama

blank.gif Solution Brief—An overview of the RaMA CVD and the available modules.

blank.gif Design and Implementation Guide (DIG)—Overall document for architecture, design, and best practice recommendations for remote and mobile asset deployments.

blank.gif Security Module—Describes how the RaMA solution was designed from the ground up with security in mind. Includes detailed descriptions of how the solution fits into the SAFE model, including securing the gateways, data plane, and management plane. Also includes a section on achieving PCI compliance.

blank.gif Enterprise Network Integration Module—Best practices for the enterprise headend focusing on resiliency, high-availability, load-balancing, and security. Includes detailed descriptions of FlexVPN and WAN redundancy mechanisms.

blank.gif Remote Site Management Module—Best practices for remote site connectivity, covering the use of the full range of Cisco Industrial Routers (IR 807, IR 809, IR829, IR 1101) as the managed gateway, providing wired and cellular connectivity for southbound devices as well as numerous northbound interfaces. This module also covers best practices for inbound connectivity for devices behind the gateway including isolation of management and data planes and whitelisting of applications and devices.

blank.gif Fleet Management Module—Architecture for mobile applications in which the IR829 acts as the managed gateway and provides wired and wireless connectivity for southbound devices, as well as numerous northbound interfaces (LTE, Wireless Workgroup Bridge, GPS). Use of edge compute in the form of Cisco IOX is also included.

blank.gif Zero Touch Provisioning Module—Use of Kinetic GMM by IT personnel for provisioning and managing Cisco Industrial Routers with a focus on secure, scalable deployment.

blank.gif Field Deployment Module—Use of Kinetic GMM by OT personnel for deploying Cisco Industrial Routers in the field, with minimal knowledge of the underlying networking technology required.

blank.gif Edge Compute Module—Overview of the edge compute capabilities in Cisco Industrial Routers in the form of IOx. Includes implementation examples for deploying Dockerized applications.

This module includes the following sections:

Overview

A brief summary of the Technology Guidance module.

Requirements

List of requirements to consider when deciding on which industrial router is most appropriate for a specific use case.

Architecture, page 3

A brief overview of the RaMA architecture focusing on where the industrial router portfolio fits into the solution.

Design Considerations

This section takes a close look at the hardware and software capabilities of the IR807, IR809, IR829, and IR1101 industrial routers as used in the RaMA solution. Recommendations are included for choosing the best platform for some common use cases.

Common Issues and Troubleshooting

How to diagnose and resolve common issues seen with WiFi, LTE, GPS, VPN, and more.

Appendix A—Firewall Ports for Kinetic GMM to Gateway Communication

Reference table for security design.

Appendix B—Hardware and Software Matrix

Reference table of validated hardware and software combinations. This applies to all other modules of the RaMA documentation

Glossary

List of relevant acronyms and initialisms.

Overview

This module provides an in depth look at Cisco's industrial routing portfolio which is central to the RaMA solution. This module can be used to help guide the design and implementation of the RaMA solution. Feature comparisons between the available models (for mobile and fixed applications) are presented, as well as recommendations for hardware use in several common use cases. Some industry-agnostic troubleshooting tips are provided, along with issues to look out for when designing and deploying the industrial routers in the RaMA solution. Finally, a hardware software matrix outlines all of the versions validated as part of the solution Cisco Validated Design.

Requirements

blank.gifPortfolio of secure industrial gateways

blank.gifSecure cloud-hosted gateway deployment and management

blank.gifZero-Touch Deployment (ZTD) and Zero-Touch Provisioning (ZTP)

blank.gifWAN connectivity options (Ethernet, LTE, Dual-LTE, WGB)

blank.gifWiFi hotspot

blank.gifGPS and geo-Fencing

blank.gifEnterprise network integration

blank.gifSecurity

blank.gifLower deployment and operating expenses

Figure 1 Cisco Remote and Mobile Assets—Solution Architecture—Component View

 

257772.jpg

Figure 1 highlights the four primary components of the Cisco RaMA solution, the portfolio of Cisco Industrial Routers (IRs), and Cisco Kinetic GMM:

blank.gifThe Cisco IR portfolio consists of different models of hardened industrial grade gateways that can be installed with fixed and mobile assets. For mobile assets, the gateways are capable of providing non-stop vehicle connectivity and an in-built GPS to track the current and historical location of the mobile asset.

blank.gifCisco IOx provides the edge compute capability on supported IR gateways (IR809, IR829, IR1101). The ability to run microservices (from Cisco or third parties) enables data collection, processing, and forwarding at the edge of the network.

blank.gifCisco Kinetic GMM is a cloud-hosted provisioning and management platform that enables ZTD and management of the edge routers. Kinetic GMM establishes a secure IPSec management tunnel to each of the on-boarded routers for provisioning and managing the routers from a centralized cloud. If customers wish to extend their enterprise network to the edge IoT gateways, Kinetic GMM helps provision a FlexVPN tunnel from each of the edge gateways to the enterprise headend VPN router.

blank.gifCisco Control Center works with cellular providers to enable customers to manage the SIM cards and associated data plans for IoT devices. Integration with Kinetic GMM streamlines the management of cellular-connected Cisco gateways.

Design Considerations

Getting started with the Cisco RaMA solution requires two steps:

blank.gifSelecting the industrial router model

blank.gifDesigning the solution

Selecting the Router

Figure 2 Cisco IoT Gateway Portfolio

 

257965.jpg

Cisco offers a wide range of industrial routers to meet a range of requirements and budgets. Table 1 lists some of the prominent features supported by each of the routers.

 

Table 1 Industrial Router Options

Router
IR807 1
IR809 2
IR829 3
IR1101 4
Features

Optimized for low power:

blank.gifDin rail mounting

blank.gifCompact and rugged

blank.gifLow power consumption

blank.gifSCADA integration

blank.gifUtility certifications

Compact, feature rich:

blank.gifEdge compute

blank.gifPanel mounting

blank.gifSCADA integration

blank.gifUtility certifications

Single/Dual LTE with Wi-Fi, optional PoE and mSATA:

blank.gifStorage and edge compute

blank.gifPanel mounting ignition

blank.gifPower management

blank.gifIndustrial and automotive certification

Highly modular design:

blank.gifDin rail mounting

blank.gifWall mounting

blank.gifPanel mounting

blank.gifModular LTE and 5G ready

blank.gifSCADA integration

blank.gifUtility certifications

blank.gifSDWAN ready

blank.gifPowered by Cisco IOS XE
Ports and Backhaul

blank.gifTwo Fast Ethernet

blank.gifSingle LTE (Dual SIM)

blank.gifTwo serial ports (RS232 DTE and DCE)

blank.gifTwo RJ45 routed ports (10/100/1000 Mbps)

blank.gifSingle LTE (Dual SIM)

blank.gifTwo serial Ports (RS232 DTE and RS232 DCE/RS485)

blank.gifFour RJ45 with switch ports (10/100/1000 Mbps)

blank.gifSingle and Dual LTE (Dual SIM)

blank.gifTwo serial ports (RS232 DTE and RS232 DCE/RS485)

blank.gifWAN SFP port

blank.gifFour Fast Ethernet

blank.gifSingle and Dual LTE (Dual SIM)

blank.gifOne serial port (RS232 DTE)

blank.gifWAN SFP port
Wi-Fi and WGB

None

None

802.11

None
Embedded Sensors

GPS

GPS

GPS, Gyroscope, Accelerometer

GPS
Edge Compute

None

blank.gif732 CPU units for edge compute

blank.gif767MB memory

blank.gif512MB storage

blank.gif732 CPU units for edge compute

blank.gif767MB memory

blank.gif512MB storage

blank.gifAdditional 50GB or 100GB mSATA storage on IR829M models

blank.gif1000 CPU units for edge compute

blank.gif862MB memory

blank.gif512MB storage

blank.gifCan add storage module with ability for mSATA SSD
Power Consumption

blank.gif6.7w typical

blank.gif10w max

blank.gif15w typical

blank.gif19w max

blank.gif40w typical

blank.gif70w max with PoE option

blank.gif10w typical

blank.gif12w max
Other Features

IP30, Fanless

IP30, Fanless

blank.gifIP40 (IP54 enclosure available), Fanless

blank.gifShock and vibration proof

IP30, Fanless
Dimensions (inches) and Availability

1.84 X 5.07 X 4.37 in North America and Europe

1.15 X 5.05 X 6.27 (globally)

1.73 X 11 X 7.7 (globally)

2.36 x 5.22 x 4.92 in North America and Europe

1.https://www.cisco.com/c/en/us/products/collateral/routers/800-series-industrial-routers/datasheet-c78-739643.html

2.https://www.cisco.com/c/en/us/products/collateral/routers/809-industrial-router/datasheet-c78-734980.html

3.https://www.cisco.com/c/en/us/products/collateral/routers/829-industrial-router/datasheet-c78-734981.html

4.https://www.cisco.com/c/en/us/products/collateral/routers/1101-industrial-integrated-services-router/datasheet-c78-741709.html

Designing Your Solution

Target Customers and Markets

Target customers for the Cisco RaMA solution have similar application requirements for connecting their assets, as shown in Table 2.

 

Table 2 Application Requirements

Typical Applications
Platform Requirements
Remote Assets

Telemetry

SCADA-certified, ruggedized routers to meet stringent specifications

Asset Control

Edge compute options for automation and legacy protocols

Predictive Maintenance

Architecture for remote machine access and data acquisition
Mobile Assets

Telematics

Best practices to deploy and manage at scale with a limited IT staff

Automatic Vehicle Location (AVL)

Integrated GPS and geofencing

Computer-Aided Dispatch (CAD)

Enterprise application integration using edge compute

Despite these similarities, the target segments also have distinct requirements based on their industry. Typical users fall into six categories with a number of vertical industries covered by each, as shown in Table 3.

 

Table 3 Target Customers and Markets

Segment Category
Description
Sample Requirements
Remote Assets

Connected Machines

Enterprises with industrial equipment at distributed customer and indoor locations. Includes:

blank.gifConveyor belts, escalators, etc.

blank.gifIndoor equipment

blank.gifReal-time telemetry of machines at customer locations

blank.gifPreventative maintenance/control without a truck roll

blank.gifFlexible routing options based on available connectivity

Outdoor Equipment

Enterprises and public sector entities with industrial equipment in the field or at outdoor locations, including:

blank.gifOil and gas companies

blank.gifRoadways and traffic management

blank.gifUtilities

blank.gifIngress Protection (IP)-rated equipment to meet stringent temperature, dust, and operating specifications

blank.gifEdge compute options for legacy protocols

blank.gifSCADA-ready

Remote Sites

Connectivity for remote and distributed sites, including:

blank.gifRetail and distribution centers

blank.gifKiosks

blank.gifRemote setup and operations by field workers

blank.gifReliable data access and options for additional network services

blank.gifSimplified cloud management
Mobile Assets

Service Fleets

Enterprises that use large fleets to deliver customer services as an extension of their business, including:

blank.gifUtilities

blank.gifTelco and cable

blank.gifSpecialized freight

blank.gifExtend enterprise network to vehicles

blank.gifEnterprise application integration using edge compute

blank.gifEnterprise VPN termination and unified Wi-Fi policies

Buses and Taxis

Enterprises that use vehicles as their primary means of service delivery, including:

blank.gifBus companies

blank.gifTaxi companies

blank.gifGrowing range of in-vehicle services (such as ticketing, Wi-Fi, video entertainment, and video cameras)

blank.gifVehicle telemetry, performance tracking, and driver safety

blank.gifDeploy and manage at scale with limited IT staff

Public Safety Vehicles

Cities and municipalities that use fleets of specialized vehicles for citizen and municipal services, including:

blank.gifPolice vehicles

blank.gifAmbulances

blank.gifFire trucks

blank.gifLives depend on an always-on connectivity

blank.gifFrequent increase in vehicle devices (such as computers, dash cams, and sensors)

blank.gifMultiple connectivity options (such as Single-LTE/Dual-LTE and Wi-Fi)

Because of the flexibility of the Industrial Routers and the Kinetic GMM software, the Cisco RaMA CVD describes a number of available options. Table 4 and Table 5 provide sample guidance for basic connectivity versus advanced connectivity to provide a flavor for the range of possibilities.

blank.gifThe basic connectivity option provides basic internet connectivity for edge device(s) behind the IR, with a focus on easy deployment and minimal requirements from the enterprise network.

blank.gifThe advanced connectivity option provides more complex architectures for experienced customers to use their edge gateways as a full extension of the enterprise.

All gateway configuration options shown throughout are implemented using Cisco Kinetic GMM config templates. Table 4 and Table 5 are examples that demonstrate the range of design options available through Kinetic GMM. Actual customer requirements should drive the technology decisions since those use cases may look different from the options shown below.

Although Cisco IOS provides many more options and features, these are outside the scope of this document. Mixing Kinetic GMM and manual configuration is not recommended. For use cases that require advanced IOS configuration not exposed via Base Kinetic GMM config templates, we recommend using the Advanced Templates feature within Kinetic GMM.

 

Table 4 Remote Assets Use Cases

 
Basic Connectivity
Advanced Connectivity, including Edge Applications

Hardware

IR807

IR1101

WAN backhaul

Single cellular
Single SIM
Wired Fast Ethernet

Single cellular standard

Optional dual cellular (with expansion module)
Dual SIM

5G ready
Wired Gigabit Ethernet

Edge device connectivity

Wired Fast Ethernet
Serial

Wired Fast Ethernet
Serial

Outbound connectivity from gateway

Public APN for cellular, access to any resource exposed to the Internet

Private APN or Public APN + FlexVPN, access to enterprise (and internet)

Inbound connectivity to gateway and edge devices

Kinetic GMM remote access

FlexVPN site-to-site tunnel

LAN addressing

Kinetic GMM assigned addressing and NAT

Custom subnet, routed mode, and VRF

Edge device authentication

None

None

Compute onboard router

 

IOx

 

Table 5 Mobile Assets Use Cases

 
Basic Connectivity
Advance Connectivity

Hardware

IR829 family

WAN backhaul

Single cellular
Dual SIM
Wired Gigabit Ethernet

Dual cellular
Dual SIM
Wired Gigabit Ethernet
Wi-Fi WGB

Edge device connectivity technology

802.11n wireless, autonomous mode
Wired Gigabit Ethernet
Serial
No PoE

802.11n wireless, autonomous mode
Wired Gigabit Ethernet
PoE (optional)
Serial

Outbound connectivity from gateway

Public APN for cellular, access to any resource exposed to the Internet

Private APN, or
Public APN + FlexVPN,
access to enterprise (and Internet)

Inbound connectivity to gateway and edge devices

Kinetic GMM remote access

FlexVPN site-to-site tunnel

LAN addressing

Kinetic GMM-assigned addressing and NAT

Custom subnet, routed mode, and VRF

Edge device authentication

Wireless-WPA2 PSK

Wireless-WPA2 with 802.1X

Compute onboard router

IOx
No mSATA

IOx with optional mSATA storage

A collection of scripts and Advanced Templates has been posted to GitHub. This collection includes Python scripts that can be used to create these recommended templates for various use cases in Kinetic GMM. This regularly updated repository contains many of the examples shown throughout this CVD and more:
https://github.com/CiscoDevNet/iot-gateway-management

Cisco Industrial Router Portfolio

This section describes the Cisco IR portfolio in terms of hardware and networking features. When evaluating specific hardware or software features in this section, refer to the icons below that indicate which of the four Industrial Router platforms support the described feature.

Cisco IR807 Ruggedized Gateway

The Cisco IR807 is a compact multimode 3G and 4G LTE wireless router. It provides an ideal solution for remote asset management across power-constrained industry segments such as distribution automation and other energy applications.

Figure 3 Cisco IR807 Ruggedized Gateway

 

256035.jpg

blank.gifCisco IR807 Datasheet:
https://www.cisco.com/c/en/us/products/collateral/routers/800-series-industrial-routers/datasheet-c78-739643.html

blank.gifCisco IR807 Hardware Installation Guide:
https://www.cisco.com/c/en/us/td/docs/routers/access/800/807/hardware/install/guide/b_IR807hwinst.html

Cisco IR809 Ruggedized Gateway

The IR809 is Cisco's smallest multimode 3G and 4G LTE wireless router, which makes it an excellent solution for use cases where a full featured router with edge compute is required and space is a constrained.

Figure 4 Cisco IR809 Ruggedized Gateway

 

256036.jpg

blank.gifCisco IR809 Datasheet:
https://www.cisco.com/c/en/us/products/collateral/routers/809-industrial-router/datasheet-c78-734980.html

blank.gifCisco IR809 Hardware Installation Guide:
https://www.cisco.com/c/en/us/td/docs/routers/access/800/809/hardware/install/guide/b_809hwinst.html

Cisco IR829 Ruggedized Gateway

The IR829 is Cisco's flagship IoT gateway, purpose built for deployment on board a vehicle. The optional Dual-LTE feature provides multi-path LTE and/or WAN backhaul for mission-critical IoT initiatives requiring highly-secure data delivery, edge application execution, and redundant connectivity. With two LTE modems, the IR829 can concurrently connect to two cellular networks for high reliability, enhanced data throughputs, load balancing, and differentiated services.

Figure 5 Cisco IR829 Ruggedized Gateway

 

256037.jpg

blank.gifCisco IR829 Datasheet:
https://www.cisco.com/c/en/us/products/collateral/routers/829-industrial-router/datasheet-c78-734981.html

blank.gifCisco IR829 Hardware Installation Guide:
https://www.cisco.com/c/en/us/td/docs/routers/access/800/829/hardware/install/guide/b_IR829-HIG.html

Key features of the IR829 include:

blank.gifSeamless switching between wireless networks without manual intervention to ensure transparency to users. Devices (laptops, smart devices, sensors, and cameras) and applications maintain continuous connectivity as the WAN links change.

blank.gifAllows an entire mobile network or subnet to stay connected since the dual-radio 2.4GHz and 5 Ghz WLAN can serve as both clients and access points.

blank.gifBuilt-in GPS systems to track vehicle fleets.

blank.gifDual Subscriber Identity Module (SIM) support for reliability and multi-homing capabilities over LTE and HSPA-based networks. The two SIMs operate in active/backup mode on the single LTE models of the IR829. On the Dual-LTE IR829, the two SIMs can operate in active/active mode with each of the SIMs assigned to different cellular carriers

Dual SIM active/backup mode is supported only on single LTE models of the IR829.

Cisco IR1101 Ruggedized Gateway

The Cisco IR1101 Integrated Services Router Rugged (IR1101) is Cisco's smallest modular industrial router. Designed in a highly modular form factor, it is an ideal solution for remote asset management across multiple industrial vertical markets.

Figure 6 Cisco IR1101 Ruggedized Gateway

 

257968.jpg

Figure 7 Cisco IR1101 Expansion Module

 

257970.jpg

 

257969.jpg

blank.gifCisco IR1101 Datasheet:
https://www.cisco.com/c/en/us/products/collateral/routers/1101-industrial-integrated-services-router/datasheet-c78-741709.html

blank.gifCisco IR1101 Hardware Installation Guide:
https://www.cisco.com/c/en/us/td/docs/routers/access/1101/hardware/installation/guide/1101hwinst.html

Select Hardware Features

Choice of Antennas

All Cisco hardware offer a wide range of antenna options to support the use case requirements. Best practices for antenna installation include:

blank.gifAntenna should offer MIMO on LTE. Without MIMO, WCDMA, UMTS, HSPA, and DC-HSPA+ are only possible for diversity. In the case of 3G UMTS, a solo antenna limits switching to the diversity port.

blank.gifInstall the router with two antennas (Main and Aux) to guarantee the best performance level. A single antenna may affect downlink performance by more than 3dB and by as much as 20dB because of multipath fading (destructive interference between direct and reflected radio waves).

blank.gifWe recommend the use of multi-element antennas (5-in-1, 3-in-1, 2-in-1) to avoid streams interfering with each other. If, instead, MIMO antennas that have a strong correlation coefficient were installed, the system may have trouble separating them (leading to interference).

blank.gifOn the IR829, ensure physical spacing between antennas to allow for RF isolation between different radios. The router requires a guaranteed >15dB (ideally 20-25dB) isolation between Wi-Fi and LTE antennas to ensure optimum performance.

For guidance on antenna installation for the different gateways (Cellular Antenna, WLAN Antenna-5 Ghz, WLAN Antenna- 2.4GHz), refer to the Cisco Industrial Routers and Industrial Wireless Access Points Antenna Guide at:
https://www.cisco.com/c/en/us/td/docs/routers/connectedgrid/antennas/installing-combined/industrial-routers-and-industrial-wireless-antenna-guide.html

To help with antenna selection, refer to the Antenna Selection Table at:
https://www.cisco.com/c/en/us/td/docs/routers/connectedgrid/antennas/installing-combined/industrial-routers-and-industrial-wireless-antenna-guide/Antenna-Selection.html

SIM-based Auto-Carrier Selection (AutoSIM)

The router automatically detects the active SIM and configures its modem for the appropriate cellular carrier when an active SIM is inserted and powered up, which provides a number of benefits including:

blank.gifSimplified configuration and reduced setup time

blank.gifSingle SKU for all carriers

blank.gifSimplified procurement, reduced inventory complexity, and simplified deployments

Figure 8 Industrial Router Auto SIM

 

256041.jpg

Gyroscope/Accelerometer

The IR829 includes a built-in gyroscope and accelerometer that can detect linear acceleration and angular movement. This functionality could be used to detect equipment tampering or assist in automotive applications where movement is involved. Devices connected to the serial port can access the accelerometer and gyroscope data through the IOS CLI or IOx. These routers will, by default, take an accelerometer and gyroscope reading every second. However, the configuration can be changed to take a reading once every six or 60 seconds.

SSD Storage

The IR829-M models offer the option for an mSATA Solid State Disk that is available in 50 and 100 GB capacities. This replaces the four GB of disk storage available in other IR829 models and is only visible and usable in IOx. Once the module is installed, no additional configuration is needed to use the extra disk space. Since this module is not hot-swappable, the router will need to be powered off before installing the module.

For additional information on the mSATA SSD module, refer to mSATA SSD as Additional Storage at:
https://www.cisco.com/c/en/us/td/docs/routers/access/800/829/software/configuration/guide/b_IR800config/b_IR800config_chapter_01011.pdf

Ignition Power Management

The Ignition Power Management feature helps keep the IR829 gateway up and running while the vehicle is stopped without draining the vehicle battery. Additional benefits of the Ignition Power Management system include:

blank.gifZero boot up time (no cold start) because the platform stays powered up for a pre-determined period of time when the vehicle engine is turned off. The pre-determined period is programmable between 60 to 7200 seconds (2H00) using the IOS ignition off-timer command.

blank.gifEnergy management by allowing users to program automatic power-down of the router when the vehicle battery drops below a certain voltage threshold.

blank.gifVehicle power fluctuations can be mitigated since the IR829 withstands the cold crank down to 6V for a period of time specified in the ISO-7637-2.

blank.gifIOS-based discharge management to prevent battery discharge by turning the router off if the vehicle has the ignition off for a period of time (programmable) and protects the router by turning the router off if the battery voltage rises above a certain level (fixed amount of time).

blank.gifAutomatic event logging including ignition state (on or off), ignition-off timer expiry, features enabled or disabled through the CLI, and under-voltage and over-voltage events.

Figure 9 Ignition Power Management Features

 

256039.jpg

Figure 10 Ignition Power Management

 

256040.jpg

Ordering Information

An updated list of supported hardware and firmware versions is maintained at:
https://developer.cisco.com/docs/kinetic/#!supported-gateways-and-firmware/supported-gateways

To enable Cisco Kinetic GMM on Cisco gateways, order the following option in the catalog:

blank.gifOption PID: IR-CLOUD-MGMT-Enable the gateway to be ready for cloud management.

Full ordering information is covered in the Ordering Guide:
https://www.cisco.com/c/dam/en/us/products/se/2018/12/Collateral/kinetic-ess-cloud-og.pdf

When ordering new gateways for greenfield deployments, use one of the following base routers:

blank.gifIR807

blank.gifIR809

blank.gifIR829

blank.gifIR1101

Once the base router is selected, options for specific hardware models and Kinetic GMM subscription terms are made available. The available hardware SKUs supported in Kinetic GMM are listed in the next section.

Kinetic GMM Gateway Compatibility

Kinetic GMM supports the management of Cisco IR 8x9 series gateways, which currently includes the IR807, IR809, IR829, and IR1101 models as shown in Table 6, Table 7, and Table 8.

 

Table 6 IR807 and IR809 Hardware SKUs
Region
IR807
IR809

North America (US AT&T, Canada)

IR807G-LTE-NA-K9

IR809G-LTE-NA-K9

US-Verizon

IR807G-LTE-VZ-K9

Refer to IR1101 versions (Table 8) or an acceptable IR807 version for Verizon.

Europe

IR807G-LTE-GA-K9

Refer to IR1101 versions (Table 8) or an acceptable IR807 version for Europe.

APJC and Latin America

--

IR809G-LTE-LA-K9

Because of the differences in LTE bands supported by different operators across the globe, we encourage you to consult in-country sales resources to validate ordering information for your country. Table 7 contains the available SKUs when this document was published.

Table 7 IR829 Hardware SKUs

Region
IR829M (with mSATA + PoE Option, Single or Dual LTE)
IR829B (Single LTE, No mSATA or PoE)
IR829-2LTE (Dual LTE, PoE Option, no mSATA)
IR829GW (PoE option, no mSATA)

North America (US AT&T)

IR829M-LTE-EA-BK9
IR829M-2LTE-EA-BK9

IR829B-LTE-EA-BK9

IR829-2LTE-EA-BK9

--

US-Verizon

--

--

--

IR829M-LTE-EA-BK9

Canada

IR829M-LTE-EA-EK9
IR829M-2LTE-EA-EK9

IR829B-LTE-EA-EK9

IR829-2LTE-EA-EK9

IR829GW-LTE-NA-EK9

Europe

IR829M-LTE-EA-EK9
IR829M-2LTE-EA-EK9

IR829B-LTE-EA-EK9

IR829-2LTE-EA-EK9

IR829M-LTE-EA-EK9

APJC

Australia
New Zealand
China
Hong Kong
India
Japan
Korea
Malaysia

IR829M-LTE-LA-ZK9

IR829GW-LTE-LA-ZK9

--

IR829GW-LTE-LA-SK9
IR829M-LTE-LA-ZK9
IR829M-LTE-LA-ZK9
IR829GW-LTE-LA-HK9
IR829GW-LTE-LA-SK9
IR829GW-LTE-LA-QK9
IR829GW-LTE-LA-QK9
IR829GW-LTE-LA-KK
IR829GW-LTE-LA-HK9
IR829GW-LTE-LA-LK9

Latin America

Brazil
Panama

IR829M-LTE-LA-ZK9

--

--

IR829GW-LTE-LA-ZK9
IR829GW-LTE-LA-NK9

 

Table 8 IR1101 Hardware SKUs
Region
Base Router
LTE Module

US, Verizon

IR1101-K9

P-LTE-VZ(=)

US, AT&T

IR1101-K9

P-LTE-US(=)

Europe

IR1101-K9

P-LTE-GB(=)

Kinetic GMM Subscription Details

Kinetic GMM is available as part of the Cisco Kinetic platform subscription. Cloud-hosted Kinetic GMM is sold based on the number of gateways under management. You can purchase a subscription for a 12, 36, or 60-month period. Since Cisco Kinetic GMM is a cloud-hosted platform, you will automatically receive periodic updates to stay up-to-date with the latest version of the software. You can choose to prepay the subscription price for the entire term or on an annualized basis.

Kinetic GMM Services and Support

Your Kinetic GMM base software subscription entitles you to limited 12x5 phone/TAC support. The limited support includes access to trained TAC personnel via phone, web, and email. In addition, support includes the continuous monitoring of the Kinetic Cloud Operations. You can also access online resources, including the knowledge base and tutorials. No additional products, licenses, or fees are required to access basic support services with the Cisco Kinetic GMM subscription. Enhanced support is available for an additional fee.

Common Issues and Troubleshooting

For additional detailed troubleshooting procedures, refer to:
https://developer.cisco.com/docs/kinetic/#!gateway-diagnostics

Common Gateway Issues

Stuck in Registering for more than 10 minutes.

This usually indicates that the gateway is not able to contact Cisco Kinetic:

blank.gifFor cellular gateways, ensure that a SIM card was inserted and has a valid data plan.

blank.gifIf Ethernet-based gateways are used, verify that the required network ports are open and that no firewalls are blocking the gateway from reaching the internet.

Stuck in the In Progress State for more than 10 minutes:

blank.gifEnsure that the gateway did not go offline and internet connectivity is still present.

blank.gifCheck the Gateway Event Logs under the Gateway Details page to see if the gateway registered successfully and was configured.

blank.gifVerify that the WAN interface configuration is correct in the template used to claim the gateway.

Gateway is in Failed State:

blank.gifEnsure that the gateway did not go offline and internet connectivity is still present.

blank.gifCheck that the gateway model and model for the associated template are the same.

blank.gifVerify that the WAN interface configuration is correct in the template used to claim the gateway.

GPS Troubleshooting

If the gateway location is not being updated correctly on the map view:

blank.gifWait for the update to occur. The gateway location is updated every 30 seconds.

blank.gifVerify that GPS is enabled on the Gateway Details -> Current Config page.

blank.gifIf GPS is not in enabled state, check if the gateway was claimed using a configuration that enabled GPS. This can be checked in the Gateway Event Logs. There will be an entry indicating the configuration that was applied to the gateway. Ensure that the proper configuration was applied.

blank.gifEnsure that the correct GPS antennas are attached to the gateway.

blank.gifDelete and reclaim the gateway with the correct configuration if required.

Login Troubleshooting

blank.gifEnsure that you or your user has a valid account in the portal.

blank.gifClick Forgot Password to reset a password.

Private Subnet Troubleshooting

If the devices connected to the gateway are not getting assigned the right DHCP IP addresses:

blank.gifIf private subnet is not enabled, the devices will be assigned IP addresses from Cisco Kinetic.

blank.gifVerify that the private subnet is enabled on the Gateway Details -> Current Config page.

blank.gifIf private subnet is not enabled, check if the gateway was claimed using a configuration that enabled private subnet. This can be checked in the Gateway Event Logs. There will be an entry indicating the configuration that was applied to the gateway. Ensure that the proper configuration was applied.

blank.gifVerify that the configuration details entered for configuration are correct.

blank.gifDelete and reclaim the gateway with the correct configuration if required.

Customer VPN Troubleshooting

If the gateway is not able to establish a tunnel with the HER:

blank.gifVerify that VPN is enabled on the Gateway Current Config page.

blank.gifIf the VPN is not enabled, check if the device was claimed using a configuration that enabled the Customer VPN. This can be checked in the Gateway Event Logs. There will be an entry indicating the configuration that was applied to the gateway. Ensure that the proper configuration was applied.

blank.gifVerify that the details entered for the VPN configuration are correct.

blank.gifVerify that the configuration on your HER is correct and that it allows the gateways to establish tunnels with the provided configuration.

blank.gifDelete and reclaim the gateway with the correct configuration if required.

Note: A known issue exists where site-to-site VPN tunnels and the site-to-site VPN tunnel IP Address on the Gateway Details page can take up to 30 minutes to update after it is successfully enabled.

WGB Troubleshooting

If the gateway is not able to connect to the root access point:

blank.gifVerify that WGB is enabled on the Gateway Details -> Current Config page.

blank.gifIf it is not enabled, check if the gateway was claimed using a configuration that enabled WGB. This can be checked in the Gateway Event Logs. Note:

blank.gifConfirm that the details entered for the WGB configuration are correct.

blank.gifEnsure that the correct antennas are attached to the gateway.

blank.gifWGB is supported only on the 5GHz radio. Verify that the root access point is compatible with this.

blank.gifMake sure the radio frequencies between AP and the WGB device are in the same domain and have a common frequency.

blank.gifUse the command show controller Dot11 1 frequency to display the frequency channels.

Ideally, there will be many overlapping non-DFS channel between the IR829 gateway’s AP and the root AP.

blank.gifDelete and reclaim the gateway with the correct configuration if required.

Note: WGB is supported only on IR829 gateways that use cellular as the uplink and is not supported on IR809 gateways and Ethernet enabled IR829 gateways.

Note: For additional WGB troubleshooting information, see the Fleet Management module.

Wi-Fi Troubleshooting

If you are not able to connect any devices to the Wi-Fi hotspot configured on the gateway:

blank.gifEnsure that the correct SSID and preshared key are entered into the device.

blank.gifEnsure that the correct antenna is attached to the gateway and that the device is within range.

blank.gifVerify that Wi-Fi is enabled on the Gateway Details -> Current Config page.

blank.gifIf Wi-Fi is not enabled, check if the gateway was claimed using a configuration that enabled Wi-Fi. This can be checked in the Gateway Event Logs. There will be an entry indicating the configuration that was applied to the gateway. Ensure that the proper configuration was applied. Delete and reclaim the gateway with the correct configuration, if required.

blank.gifIf WGB is also enabled on the gateway, then Wi-Fi works only on the 2.4 GHz radio.

blank.gifWi-Fi is supported only on the IR829 gateways (not supported on IR809 devices).

For additional information on troubleshooting:

blank.gif https://developer.cisco.com/docs/kinetic/#!gateway-configuration-troubleshooting

blank.gif https://developer.cisco.com/docs/kinetic/#!deploy-your-gateways/troubleshooting

Appendix A—Firewall Ports for Kinetic GMM to Gateway Communication

Cisco Kinetic requires specific TCP/UDP network ports and IP protocols to be opened on the network firewall to communicate with the gateways. For the recommended settings, refer to the Zero Touch Provisioning module.

 

Table 9 TCP/UDP Ports

Port
Protocol
Destination
Description
Required for Kinetic Module

53

UDP

IP of assigned DNS server

GW must have access to DNS resolution service.

Domain Name System (DNS) us.ciscokinetic.ioeu.ciscokinetic.io

GMM and DCM

123

UDP

NTP Server: 129.6.15.30

Network Time Protocol (NTP)

GMM and DCM

500

UDP

US cluster: 34.208.182.252

EU cluster: 34.240.190.128

Bidirectional access is required for the Internet Security

Association and Key Management Protocol (ISAKMP)/Internet Key Exchange (IKE)

GMM and DCM

4500

UDP

US cluster: 34.208.182.252

EU cluster: 34.240.190.128

Bidirectional access is required for IPSec NAT Traversal

GMM and DCM

8883

TCP

US cluster: Name resolution of us.ciscokinetic.io

EU cluster: Name resolution of eu.ciscokinetic.io

The DNS name us.ciscokinetic.io resolves to:
54.71.117.77
34.216.139.206
52.11.218.197

The DNS name eu.ciscokinetic.io resolves to:
52.212.193.126
54.194.175.23
34.252.252.200

Secure MQTT (MQTT over TLS) for the data pipeline.

Required for Cisco Kinetic DCM only when publishing to the Kinetic cloud.

You can use MQTT over Web sockets (TCP 443) instead.

DCM

443

TCP

US cluster: Name resolution of mqtt-us.ciscokinetic.io

EU cluster: Name resolution of mqtt-eu.ciscokinetic.io

The DNS name us.ciscokinetic.io resolves to:
54.71.117.77
34.216.139.206
52.11.218.197

The DNS name eu.ciscokinetic.io resolves to:
52.212.193.126
54.194.175.23
34.252.252.200

Secure MQTT (MQTT over Web Socket) for the data pipeline.

Required for Cisco Kinetic DCM only when publishing to the Kinetic cloud. Can use MQTT over TLS instead.

9123

TCP

US cluster: Name resolution of us.ciscokinetic.io

EU cluster: Name resolution of eu.ciscokinetic.io

The DNS name us.ciscokinetic.io resolves to:
54.71.117.77
34.216.139.206
52.11.218.197

The DNS name eu.ciscokinetic.io resolves to:
52.212.193.126
54.194.175.23
34.252.252.200

Call-home registration.

Required for all gateways shipped from Cisco November 15, 2018 or earlier or if the gateway was provisioned using a GPT version 1.91.2.7 or earlier.

GMM

9124

TCP

US cluster: Name resolution of us.ciscokinetic.io

EU cluster: Name resolution of eu.ciscokinetic.io

The DNS name us.ciscokinetic.io resolves to:
54.71.117.77
34.216.139.206
52.11.218.197

The DNS name eu.ciscokinetic.io resolves to:
52.212.193.126
54.194.175.23
34.252.252.200

Call-home registration.

Required for all gateways shipped from Cisco on or after November 16, 2018 or if the gateway was provisioned using GPT version 1.91.2.8 or later.

GMM

 

Table 10 IP Protocol Requirements
Port
Protocol
Destination
Description
Required for Product

50

IP

US cluster: 34.208.182.252

EU cluster: 34.240.190.128

Encapsulating Security Payload (ESP)

GMM and DCM

Appendix B—Hardware and Software Matrix

Table 11 lists the individual component versions that have been validated to work together as part of the CVD test effort.

 

Table 11 Validated Component Versions

Component
Hardware
Software

VPN HER

ASR1002-HX

IOS-XE 16.9.2

Mobile Gateway

Industrial Router 829

IOS Version 15.8(3)M2a

Modem Firmware: SWI9X30C_02.20.03.00

Embedded AP: 15.3(3)JI1

Remote Gateway

Industrial Router 807

Industrial Router 809

Industrial Router 1101

IOS for IR807, IR809: 15.8(3)M2a

IOS-XE for IR1101: 16.11.1

IR807 modem: SWI9X07Y_02.18.05.00

IR809 modem: SWI9X15C_05.05.58.00

Hypervisor

VMWare ESXi

Version 6.5.0

Wireless LAN Controller

Cisco Virtual Wireless Controller

Version 8.3.143.0

RADIUS Server

CentOS VM + FreeRADIUS

Version 7.5.1804 (Core) FreeRADIUS Version 3.0.13

Lightweight Access Point

Cisco Aironet 3702

Primary Software Version 8.3.143.0 IOS Version 15.3(3)JD16

Cisco Identity Services Engine (ISE)

Virtual machine

2.4.0.357

Microsoft Active Directory (AD)

Virtual machine

Windows Server 2016 version 1607

Cisco Prime Network Registrar (CPNR)

Virtual machine

10.0.0.1

Glossary

 

Term
Definition

AAA

Authentication, Authorization, and Accounting

AP

Access Point

APN

Access Point Name

AR

Active Router

CAPWAP

Control and Provisioning of Wireless Access Points

CLB

Cluster Load Balancing

CVD

Cisco Validated Design

DMVPN

Dynamic Multipoint VPN

DNS

Domain Name System

DoS

Denial of Service

DPD

Dead Peer Detection

EAP

Extensible Authentication Protocol

EAPoL

EAP over LAN

EEM

Embedded Event Manager

GMM

Cisco Kinetic Gateway Management Module

GPT

Cisco Kinetic Gateway Provisioning Tool

GRE

Generic Routing Encapsulation

HER

Headend Router

HSPA

High Speed Packet Access

HSRP

Hot Standby Router Protocol

ICMP

Internet Control Message Protocol

IDS

Intrusion Detection System

IKE

Internet Key Exchange

IoT

Internet of Things

IPS

Intrusion Prevention System

IR

Industrial Router

ISAKMP

Internet Security Association and Key Management Protocol

ISE

Cisco Identity Services Engine

LAP

Lightweight Access Point

LLG

Least Loaded Gateway

LTE

Long Term Evolution

LWAP

Lightweight Access Point

MIMO

Multiple-Input and Multiple-Output

MPLS

Multiprotocol Label Switching

MQC

Modular QoS

mSATA

mini-Serial Advanced Technology Attachment

NAT

Network Address Translation

NGE

Cisco Next-Generation Encryption

NHRP

Next Hop Resolution Protocol

NTP

Network Time Protocol

PoE

Power over Ethernet

PSK

Pre-Shared Keys

RaMA

Cisco Remote and Mobile Assets

RFC

Request for Comments

RHEL

Red Hat Enterprise Linux

RTU

Remote Terminal Unit

SCADA

Supervisory Control and Data Acquisition

SFP

Small Form-Factor Pluggable

SIM

Subscriber Identification Module

SVI

Switched Virtual Interface

UDP

User Datagram Protocol

VIP

Virtual IP address

VPN

Virtual Private Network

VRF

Virtual Route Forwarding

VTI

Virtual Tunnel Interface

vWLC

virtual Wireless LAN Controller

WAF

Web Application Firewall

WAN

Wide Area Network

WGB

Workgroup Bridge

WLC

Cisco Wireless LAN Controller

ZTD

Zero-Touch Deployment

Was this Document Helpful?

FeedbackFeedback

Contact Cisco

Related Cisco Community Discussions

About Us
Contact Us
Work with Us