WWAN - Wireless Wide-Area-Network¶
The Wireless Wide-Area-Network interface provides access (through a wireless modem/wwan) to wireless networks provided by various cellular providers.
VyOS uses the interfaces wwan subsystem for configuration.
Common interface configuration¶
Configure interface <interface> with one or more interface addresses.
- address can be specified multiple times as IPv4 and/or IPv6 address, e.g. 192.0.2.1/24 and/or 2001:db8::1/64
- dhcp interface address is received by DHCP from a DHCP server on this segment.
- dhcpv6 interface address is received by DHCPv6 from a DHCPv6 server on this segment.
set interfaces wwan wwan0 address 192.0.2.1/24 set interfaces wwan wwan0 address 2001:db8::1/64 set interfaces wwan wwan0 address dhcp set interfaces wwan wwan0 address dhcpv6
Set a human readable, descriptive alias for this connection. Alias is used by
show interfaces command or SNMP based monitoring tools.
set interfaces wwan wwan0 description 'This is an awesome interface running on VyOS'
Disable given <interface>. It will be placed in administratively down
set interfaces wwan wwan0 disable
Use this command to direct an interface to not detect any physical state changes on a link, for example, when the cable is unplugged.
Default is to detects physical link state changes.
set interfaces wwan wwan0 disable-link-detect
Configure MTU on given <interface>. It is the size (in bytes) of the largest ethernet frame sent on this link.
set interfaces wwan wwan0 mtu 9000
Once a neighbor has been found, the entry is considered to be valid for at least for this specifc time. An entry’s validity will be extended if it receives positive feedback from higher level protocols.
This defaults to 30 seconds.
set interfaces wwan wwan0 ip arp-cache-timeout 180
If set the kernel can respond to arp requests with addresses from other interfaces. This may seem wrong but it usually makes sense, because it increases the chance of successful communication. IP addresses are owned by the complete host on Linux, not by particular interfaces. Only for more complex setups like load-balancing, does this behaviour cause problems.
If not set (default) allows you to have multiple network interfaces on the same subnet, and have the ARPs for each interface be answered based on whether or not the kernel would route a packet from the ARP’d IP out that interface (therefore you must use source based routing for this to work).
In other words it allows control of which cards (usually 1) will respond to an arp request.
set interfaces wwan wwan0 ip disable-arp-filter
Configure interface-specific Host/Router behaviour. If set, the interface will switch to host mode and IPv6 forwarding will be disabled on this interface.
set interfaces wwan wwan0 ip disable-forwarding
Define behavior for gratuitous ARP frames who’s IP is not already present in the ARP table. If configured create new entries in the ARP table.
Both replies and requests type gratuitous arp will trigger the ARP table to be updated, if this setting is on.
If the ARP table already contains the IP address of the gratuitous arp frame, the arp table will be updated regardless if this setting is on or off.
set interfaces wwan wwan0 ip enable-arp-accept
Define different restriction levels for announcing the local source IP address from IP packets in ARP requests sent on interface.
Use any local address, configured on any interface if this is not set.
If configured, try to avoid local addresses that are not in the target’s subnet for this interface. This mode is useful when target hosts reachable via this interface require the source IP address in ARP requests to be part of their logical network configured on the receiving interface. When we generate the request we will check all our subnets that include the target IP and will preserve the source address if it is from such subnet. If there is no such subnet we select source address according to the rules for level 2.
set interfaces wwan wwan0 ip enable-arp-announce
Define different modes for sending replies in response to received ARP requests that resolve local target IP addresses:
If configured, reply only if the target IP address is local address configured on the incoming interface.
If this option is unset (default), reply for any local target IP address, configured on any interface.
set interfaces wwan wwan0 ip enable-arp-ignore
Use this command to enable proxy Address Resolution Protocol (ARP) on this interface. Proxy ARP allows an Ethernet interface to respond with its own MAC address to ARP requests for destination IP addresses on subnets attached to other interfaces on the system. Subsequent packets sent to those destination IP addresses are forwarded appropriately by the system.
set interfaces wwan wwan0 ip enable-proxy-arp
Private VLAN proxy arp. Basically allow proxy arp replies back to the same interface (from which the ARP request/solicitation was received).
This is done to support (ethernet) switch features, like RFC 3069, where the individual ports are NOT allowed to communicate with each other, but they are allowed to talk to the upstream router. As described in RFC 3069, it is possible to allow these hosts to communicate through the upstream router by proxy_arp’ing.
Don’t need to be used together with proxy_arp.
This technology is known by different names:
- In RFC 3069 it is called VLAN Aggregation
- Cisco and Allied Telesyn call it Private VLAN
- Hewlett-Packard call it Source-Port filtering or port-isolation
- Ericsson call it MAC-Forced Forwarding (RFC Draft)
Enable policy for source validation by reversed path, as specified in RFC 3704. Current recommended practice in RFC 3704 is to enable strict mode to prevent IP spoofing from DDos attacks. If using asymmetric routing or other complicated routing, then loose mode is recommended.
- strict: Each incoming packet is tested against the FIB and if the interface is not the best reverse path the packet check will fail. By default failed packets are discarded.
- loose: Each incoming packet’s source address is also tested against the FIB and if the source address is not reachable via any interface the packet check will fail.
- disable: No source validation
SLAAC RFC 4862. IPv6 hosts can configure themselves automatically when connected to an IPv6 network using the Neighbor Discovery Protocol via ICMPv6 router discovery messages. When first connected to a network, a host sends a link-local router solicitation multicast request for its configuration parameters; routers respond to such a request with a router advertisement packet that contains Internet Layer configuration parameters.
This method automatically disables IPv6 traffic forwarding on the interface in question.
set interfaces wwan wwan0 ipv6 address autoconf
EUI-64 as specified in RFC 4291 allows a host to assign iteslf a unique 64-Bit IPv6 address.
set interfaces wwan wwan0 ipv6 address eui64 2001:db8:beef::/64
Do not assign a link-local IPv6 address to this interface.
set interfaces wwan wwan0 ipv6 address no-default-link-local
Configure interface-specific Host/Router behaviour. If set, the interface will switch to host mode and IPv6 forwarding will be disabled on this interface.
set interfaces wwan wwan0 ipv6 disable-forwarding
Place interface in given VRF instance.
There is an entire chapter about how to configure a VRF, please check this for additional information.
set interfaces wwan wwan0 vrf red
RFC 2131 states: The client MAY choose to explicitly provide the identifier through the ‘client identifier’ option. If the client supplies a ‘client identifier’, the client MUST use the same ‘client identifier’ in all subsequent messages, and the server MUST use that identifier to identify the client.
set interfaces wwan wwan0 dhcp-options client-id 'foo-bar'
Instead of sending the real system hostname to the DHCP server, overwrite the host-name with this given-value.
set interfaces wwan wwan0 dhcp-options host-name 'VyOS'
The vendor-class-id option can be used to request a specific class of vendor options from the server.
set interfaces wwan wwan0 dhcp-options vendor-class-id 'VyOS'
Only request an address from the DHCP server but do not request a default gateway.
set interfaces wwan wwan0 dhcp-options no-default-route
The DHCP unique identifier (DUID) is used by a client to get an IP address from a DHCPv6 server. It has a 2-byte DUID type field, and a variable-length identifier field up to 128 bytes. Its actual length depends on its type. The server compares the DUID with its database and delivers configuration data (address, lease times, DNS servers, etc.) to the client.
set interfaces wwan wwan0 duid '0e:00:00:01:00:01:27:71:db:f0:00:50:56:bf:c5:6d'
This statement specifies dhcp6c to only exchange informational configuration parameters with servers. A list of DNS server addresses is an example of such parameters. This statement is useful when the client does not need stateful configuration parameters such as IPv6 addresses or prefixes.
set interfaces wwan wwan0 dhcpv6-options parameters-only
When rapid-commit is specified, dhcp6c will include a rapid-commit option in solicit messages and wait for an immediate reply instead of advertisements.
set interfaces wwan wwan0 dhcpv6-options rapid-commit
Request only a temporary address and not form an IA_NA (Identity Association for Non-temporary Addresses) partnership.
set interfaces wwan wwan0 dhcpv6-options temporary
DHCPv6 Prefix Delegation (PD)
VyOS 1.3 (equuleus) supports DHCPv6-PD (RFC 3633). DHCPv6 Prefix Delegation is supported by most ISPs who provide native IPv6 for consumers on fixed networks.
Some ISPs by default only delegate a /64 prefix. To request for a specific prefix size use this option to request for a bigger delegation for this pd <id>. This value is in the range from 32 - 64 so you could request up to a /32 prefix (if your ISP allows this) down to a /64 delegation.
The default value corresponds to 64.
To request a /56 prefix from your ISP use:
set interfaces wwan wwan0 dhcpv6-options pd 0 length 56
Specify the interface address used locally on the interfcae where the prefix has been delegated to. ID must be a decimal integer.
It will be combined with the delegated prefix and the sla-id to form a complete interface address. The default is to use the EUI-64 address of the interface.
Example: Delegate a /64 prefix to interface eth8 which will use a local
address on this router of
<prefix>::ffff, as the address 65534 will
ffff in hexadecimal notation.
set interfaces wwan wwan0 dhcpv6-options pd 0 interface eth8 address 65534
Specify the identifier value of the site-level aggregator (SLA) on the interface. ID must be a decimal number greater then 0 which fits in the length of SLA IDs (see below).
Example: If ID is 1 and the client is delegated an IPv6 prefix 2001:db8:ffff::/48, dhcp6c will combine the two values into a single IPv6 prefix, 2001:db8:ffff:1::/64, and will configure the prefix on the specified interface.
set interfaces wwan wwan0 dhcpv6-options pd 0 interface eth8 sla-id 1
WirelessModem (WWAN) options¶
Show detailed information on given <interface>
vyos@vyos:~$ show interfaces wwan wwan0 wwan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 1000 link/ether 02:c2:f3:00:01:02 brd ff:ff:ff:ff:ff:ff inet 10.155.144.12/30 brd 10.155.144.15 scope global dynamic wwan0 valid_lft 7012sec preferred_lft 7012sec inet6 fe80::c2:f3ff:fe00:0102/64 scope link valid_lft forever preferred_lft forever RX: bytes packets errors dropped overrun mcast 640 2 0 0 0 0 TX: bytes packets errors dropped carrier collisions 3229 16 0 0 0 0
Show detailed information summary on given <interface>
vyos@vyos:~$ show interfaces wwan wwan0 summary -------------------------------- General | dbus path: /org/freedesktop/ModemManager1/Modem/0 | device id: 79f4e9cc2e9fc8d4a3b8c8f6327c2e363170194d -------------------------------- Hardware | manufacturer: Sierra Wireless, Incorporated | model: MC7710 | revision: SWI9200X_03.05.29.03ap r6485 CNSHZ-ED-XP0031 2014/12/02 17:53:15 | h/w revision: 1.0 | supported: gsm-umts, lte | current: gsm-umts, lte | equipment id: 358xxxxxxxxxxxx -------------------------------- System | device: /sys/devices/pci0000:00/0000:00:13.0/usb3/3-1/3-1.3 | drivers: qcserial, qmi_wwan | plugin: Generic | primary port: cdc-wdm0 | ports: ttyUSB0 (qcdm), ttyUSB2 (at), cdc-wdm0 (qmi), wwan0 (net) -------------------------------- Numbers | own: 4917xxxxxxxx -------------------------------- Status | lock: sim-pin2 | unlock retries: sim-pin (3), sim-pin2 (3), sim-puk (10), sim-puk2 (10) | state: connected | power state: on | access tech: lte | signal quality: 63% (recent) -------------------------------- Modes | supported: allowed: 2g; preferred: none | allowed: 3g; preferred: none | allowed: 4g; preferred: none | allowed: 2g, 3g; preferred: 3g | allowed: 2g, 3g; preferred: 2g | allowed: 2g, 4g; preferred: 4g | allowed: 2g, 4g; preferred: 2g | allowed: 3g, 4g; preferred: 3g | allowed: 3g, 4g; preferred: 4g | allowed: 2g, 3g, 4g; preferred: 4g | allowed: 2g, 3g, 4g; preferred: 3g | allowed: 2g, 3g, 4g; preferred: 2g | current: allowed: 2g, 3g, 4g; preferred: 2g -------------------------------- Bands | supported: egsm, dcs, pcs, utran-1, utran-8, eutran-1, eutran-3, | eutran-7, eutran-8, eutran-20 | current: egsm, dcs, pcs, utran-1, utran-8, eutran-1, eutran-3, | eutran-7, eutran-8, eutran-20 -------------------------------- IP | supported: ipv4, ipv6, ipv4v6 -------------------------------- 3GPP | imei: 358xxxxxxxxxxxx | operator id: 26201 | operator name: Telekom.de | registration: home -------------------------------- 3GPP EPS | ue mode of operation: ps-1 -------------------------------- SIM | dbus path: /org/freedesktop/ModemManager1/SIM/0 -------------------------------- Bearer | dbus path: /org/freedesktop/ModemManager1/Bearer/0
Show WWAN module hardware capabilities.
vyos@vyos:~$ show interfaces wwan wwan0 capabilities Max TX channel rate: '50000000' Max RX channel rate: '100000000' Data Service: 'simultaneous-cs-ps' SIM: 'supported' Networks: 'gsm, umts, lte' Bands: 'gsm-dcs-1800, gsm-900-extended, gsm-900-primary, gsm-pcs-1900, wcdma-2100, wcdma-900' LTE bands: '1, 3, 7, 8, 20'
Show WWAN module firmware.
vyos@vyos:~$ show interfaces wwan wwan0 firmware Model: MC7710 Boot version: SWI9200X_03.05.29.03bt r6485 CNSHZ-ED-XP0031 2014/12/02 17:33:08 AMSS version: SWI9200X_03.05.29.03ap r6485 CNSHZ-ED-XP0031 2014/12/02 17:53:15 SKU ID: unknown Package ID: unknown Carrier ID: 0 Config version: unknown
Show WWAN module IMEI.
vyos@vyos:~$ show interfaces wwan wwan0 imei ESN: '0' IMEI: '358xxxxxxxxxxxx' MEID: 'unknown'
Show WWAN module IMSI.
vyos@vyos:~$ show interfaces wwan wwan0 imsi IMSI: '262xxxxxxxxxxxx'
Show WWAN module model.
vyos@vyos:~$ show interfaces wwan wwan0 model Model: 'MC7710'
Show WWAN module MSISDN.
vyos@vyos:~$ show interfaces wwan wwan0 msisdn MSISDN: '4917xxxxxxxx'
Show WWAN module hardware revision.
vyos@vyos:~$ show interfaces wwan wwan0 revision Revision: 'SWI9200X_03.05.29.03ap r6485 CNSHZ-ED-XP0031 2014/12/02 17:53:15'
Show WWAN module signal strength.
vyos@vyos:~$ show interfaces wwan wwan0 signal LTE: RSSI: '-74 dBm' RSRQ: '-7 dB' RSRP: '-100 dBm' SNR: '13.0 dB' Radio Interface: 'lte' Active Band Class: 'eutran-3' Active Channel: '1300'
Show WWAN module SIM card information.
vyos@vyos:~$ show interfaces wwan wwan0 sim Provisioning applications: Primary GW: slot '1', application '1' Primary 1X: session doesn't exist Secondary GW: session doesn't exist Secondary 1X: session doesn't exist Slot : Card state: 'present' UPIN state: 'not-initialized' UPIN retries: '0' UPUK retries: '0' Application : Application type: 'usim (2)' Application state: 'ready' Application ID: A0:00:00:00:87:10:02:FF:49:94:20:89:03:10:00:00 Personalization state: 'ready' UPIN replaces PIN1: 'no' PIN1 state: 'disabled' PIN1 retries: '3' PUK1 retries: '10' PIN2 state: 'enabled-not-verified' PIN2 retries: '3' PUK2 retries: '10'
The following example is based on a Sierra Wireless MC7710 miniPCIe card (only the form factor in reality it runs UBS) and Deutsche Telekom as ISP. The card is assembled into a PC Engines APU4.
set interfaces wwan wwan0 apn 'internet.telekom' set interfaces wwan wwan0 address 'dhcp'
The following hardware modules have been tested successfully in an PC Engines APU4 board:
- Sierra Wireless AirPrime MC7304 miniPCIe card (LTE)
- Sierra Wireless AirPrime MC7430 miniPCIe card (LTE)
- Sierra Wireless AirPrime MC7455 miniPCIe card (LTE)
- Sierra Wireless AirPrime MC7710 miniPCIe card (LTE)
- Huawei ME909u-521 miniPCIe card (LTE)
- Huawei ME909s-120 miniPCIe card (LTE)
All available WWAN cards have a build in, reprogrammable firmware. Most of the vendors provide a regular update to the firmware used in the baseband chip.
As VyOS makes use of the QMI interface to connect to the WWAN modem cards, also the firmware can be reprogrammed.
To update the firmware, VyOS also ships the qmi-firmware-update binary. To
upgrade the firmware of an e.g. Sierra Wireless MC7710 module to the firmware
provided in the file
use the following command:
$ sudo qmi-firmware-update --update -d 1199:68a2 \ 9999999_9999999_9200_03.05.14.00_00_generic_000.000_001_SPKG_MC.cwe