Tags
We are currently working on a project to implement DMVPN (IWAN) over BGAN. This is the process I went through to discover how to send AT commands from our Cisco IOS Router to the BGAN unit.
Router Configuration
vrf definition INMARSAT rd 1:1 ! address-family ipv4 exit-address-family ! interface GigabitEthernet0 vrf forwarding INMARSAT ip address dhcp !
Telnet to the BGAN Unit.
LAB-819# telnet 192.168.128.100 /vrf INMARSAT Trying 192.168.128.100 ... Open VxWorks login: bganuser Password: broadband
Getting Help in VxWorks
When interacting with VxWorks, you can type help to get the main help menu. Note that the help menu is broken up into additional subHelp menus providing topics on specific types of tasks.
-> help
help Print this list
dbgHelp Print debugger help info
edrHelp Print ED&R help info
ioHelp Print I/O utilities help info
nfsHelp Print nfs help info
netHelp Print network help info
rtpHelp Print process help info
spyHelp Print task histogrammer help info
timexHelp Print execution timer help info
h [n] Print (or set) shell history
i [task] Summary of tasks' TCBs
ti task Complete info on TCB for task
sp adr,args... Spawn a task, pri=100, opt=0x19, stk=20000
taskSpawn name,pri,opt,stk,adr,args... Spawn a task
td task Delete a task
ts task Suspend a task
tr task Resume a task
tw task Print pending task detailed info
w [task] Print pending task info
d [adr[,nunits[,width]]] Display memory
m adr[,width] Modify memory
mRegs [reg[,task]] Modify a task's registers interactively
pc [task] Return task's program counter
iam "user"[,"passwd"] Set user name and passwd
whoami Print user name
devs List devices
ld [syms[,noAbort][,"name"]] Load stdin, or file, into memory
(syms = add symbols to table:
-1 = none, 0 = globals, 1 = all)
lkup ["substr"] List symbols in system symbol table
lkAddr address List symbol table entries near address
checkStack [task] List task stack sizes and usage
printErrno value Print the name of a status value
period secs,adr,args... Spawn task to call function periodically
repeat n,adr,args... Spawn task to call function n times (0=forever)
version Print VxWorks version info, and boot line
shConfig ["config"] Display or set shell configuration variables
strFree [address] Free strings allocated within the shell (-1=all)
NOTE: Arguments specifying 'task' can be either task ID or name.
value = 1 = 0x1
Execute the netHelp command to retrieve syntax for network related commands.
-> netHelp
hostAdd "hostname","inetaddr" - add a host to remote host table;
"inetaddr" must be in standard
Internet address format e.g. "90.0.0.4"
hostShow - print current remote host table
netDevCreate "devname","hostname",protocol
- create an I/O device to access files
on the specified host
(protocol 0=rsh, 1=ftp)
routeAdd "destaddr","gateaddr" - add route to route table
routeDelete "destaddr","gateaddr" - delete route from route table
routeShow - print current route table
iam "usr"[,"passwd"] - specify the user name by which you
will be known to remote hosts
(and optional password)
whoami - print the current remote ID
rlogin "host" - log in to a remote host;
"host" can be inet address or
host name in remote host table
ifShow ["ifname"] - show info about network interfaces
inetstatShow - show all Internet protocol sockets
tcpstatShow - show statistics for TCP
udpstatShow - show statistics for UDP
ipstatShow - show statistics for IP
icmpstatShow - show statistics for ICMP
arptabShow - show a list of known ARP entries
mbufShow - show mbuf statistics
EXAMPLE: -> hostAdd "wrs", "90.0.0.2"
-> netDevCreate "wrs:", "wrs", 0
-> iam "fred"
-> copy rlogin "wrs" /* rlogin to host "wrs" */
value = 1 = 0x1
ipstatShow
ipstatShow is similar to netstat in linux or unix systems and provides a listing of running services which are listening for connections to the system as well as current sockets in use.
-> inetstatShow Active Internet connections (including servers) PCB Proto Recv-Q Send-Q Local Address Foreign Address (state) -------- ----- ------ ------ --------------------- --------------------- ------- a0c41920 TCP 0 0 192.168.128.100.23 192.168.128.102.23048 ESTABLISHED a0c406c0 TCP 0 0 0.0.0.0.1829 0.0.0.0.0 LISTEN a0c3fee0 TCP 0 0 0.0.0.0.1828 0.0.0.0.0 LISTEN a0c3f9a0 TCP 0 0 0.0.0.0.80 0.0.0.0.0 LISTEN a0c3f460 TCP 0 0 0.0.0.0.1825 0.0.0.0.0 LISTEN a0c3ef20 TCP 0 0 0.0.0.0.1827 0.0.0.0.0 LISTEN a0c3e200 TCP 0 0 0.0.0.0.21 0.0.0.0.0 LISTEN a0c3dcc0 TCP 0 0 0.0.0.0.23 0.0.0.0.0 LISTEN a0c36080 UDP 0 0 0.0.0.0.1025 0.0.0.0.0 a0c35cc0 UDP 0 0 0.0.0.0.67 0.0.0.0.0 a0c35b80 UDP 0 0 127.0.0.1.1024 127.0.0.1.17185 a0c357c0 UDP 0 0 0.0.0.0.17185 0.0.0.0.0 value = 1 = 0x1 ->exit
Note the results of the table above:
- Our current active Telnet Session.
- Unknown (non-registered) TCP Ports … these are what we will be looking into.
- HTTP Daemon providing local management of UT (User Terminal aka BGAN IDU/ODU).
- FTP Daemon providing access to local filesystem.
- Unknown (non-registered) UDP Ports.
- BOOTP/DCHP Daemon providing Address Assignment on the LAN.
Identifying Services on Unknown TCP Ports
So now that we have identified the listening TCP and UDP sockets in the unit, lets try and identify what each TCP port is used for.
LAB-819# telnet 192.168.128.100 1825 /vrf INMARSAT Trying 192.168.128.100, 1825 ... Open Accepted connection from client 192.168.128.102 on port 48648. [ UMTSMB] LVL:CRITICAL TIM:6544835 umtsmendScanAcaAlwaysOnEntries: ACA ALWAYS ON context(1) is NOT active. [ UMTSMB] LVL:CRITICAL TIM:6544835 ACA SCAN PDP Reactivation Request: CID [1] [ psCtrl] LVL:CRITICAL TIM:6545284 umop_handle_pdp_activate_rej: rab_id [1], c_id [1] [ psCtrl] LVL:CRITICAL TIM:6545284 umop_handle_pdp_activate_rej: pclSMCauseValueIE = 0x1d ...response shortened for brevity... <Press ctrl-shift-6 x keys> LAB-819# disconnect Closing connection to 192.168.128.100 [confirm]<Press enter key> LAB-819#
It appears that Port 1825 is being utilized as a monitor or logging port. Lets try 1827.
LAB-819# telnet 192.168.128.100 1827 /vrf INMARSAT Trying 192.168.128.100, 1827 ... Open AT ATD EHLO HELO HELP help <Press ctrl-shift-6 x keys>
Well we’ll have to dig back into that one later.. lets take a look at 1828
LAB-819# telnet 192.168.128.100 1828 /vrf INMARSAT Trying 192.168.128.100, 1828 ... Open AT ATD EHLO HELO HELP help <Press ctrl-shift-6 x keys>
Again.. no response.. lets try 1829.
LAB-819# telnet 192.168.128.100 1829 /vrf INMARSAT DMVPN-LAB-SITE#telnet 192.168.128.100 1829 /vrf INM:OKE Trying 192.168.128.100, 1829 ... Open <enter> ERROR <enter> ERROR AT OK
Bingo… no this is looking promising. Lets now reference the Hughes AT Command Reference and see what we can’t accomplish.
AT OK AT_ILOG ERROR AT ?? ERROR
I spent quite some time in here trying to figure out why I couldn’t get any response but ERROR. After reading through some of the command reference I noticed a section on the AT_ICLCK: Facility Lock Configure which allows you lock, unlock, or interrogate a MT (Mobile Terminal) facility. By providing “AD” for Administrator Lock, 0 to Unlock and “admin” for the password the AT interface becomes available for interrogation. (admin is the default password and may need to be enabled in the Security Section of the Web GUI prior to issuing this command to continue.)
AT
OK
AT_ICLCK="AD",0,"admin"
OK
AT ??
Type "AT ??" to get a detailed description of the
Help commands
AT ?? List supported AT commands
ITU-T V.25ter: DTE-DCE Interface Commands
AT S Set register
AT E Command echo
ITU-T V.25ter: Call Control Commands
AT D Dial
AT H Hook control
ETSI GSM 07.07: General Commands
AT +CGMI Request Manufacturer Identification
AT +CGMM Request Model Identification
AT +CGMN Request Manufacturer Name
AT +CGMP Request Manufacturer Part Number
AT +CGMR Request Revision Identification
AT +CGMS Request Manufacturer Serial Number
AT +CGSN Request Product Serial Number Identification
AT +CSCS Select TE Character Set
AT +CIMI Request International Mobile Subscriber Identity (IMSI)
AT +CCLK Time of Day (UTC), as known to the terminal
AT +CNUM Subscriber Number
AT +CREG Network Registration
AT +COPS Operator Selection
AT +CPOL Preferred PLMN List
AT +CPLS Preferred PLMN List
AT +CLCK Facility Lock
AT +CPWD Change Password
AT +CCUG Closed User Group
AT +CLCC List Current Calls
AT +CUSD Unstructured Supplementary Service Data
AT +CPAS Phone Activity Status
AT +CFUN Set Phone Functionality
AT +CPIN Enter PIN
AT +CBC Battery Charge
AT +CIND Indicator
AT +CPBS Select Phonebook Memory Storage
AT +CPBR Read Phonebook Entries
AT +CPBW Write/Delete Phonebook Entry
AT +CRSM Restricted SIM Access
AT +CMAR Master Reset
AT +CMEE Report Mobile Equipment Error
ETSI GSM 07.05: General Configuration Commands
AT +CSMS Select Message Service
AT +CPMS Preferred Message Storage
AT +CMGF Message Format
ETSI GSM 07.05: Message Configuration Commands
AT +CSCA Service Center Address
AT +CSMP Set Text Mode Parameters
AT +CSDH Show Text Mode Parameters
AT +CSCB Select Cell Broadcast Message Types
AT +CSAS Save Settings
AT +CRES Restore Settings
ETSI GSM 07.05: Message Receiving and Reading Commands
AT +CNMI New Message Indications to TE
AT +CMGL List Messages
AT +CMGR Read Message
ETSI GSM 07.05: Message Sending and Writing Commands
AT +CMGS Send Message
AT +CMSS Send Message from Storage
AT +CMGW Write Message to Memory
AT +CMGD Delete Message
AT +CGDCONT Define PDP Context
AT +CGDSCONT Define Secondary PDP Context
AT +CGEQREQ 3G Quality of Service Profile (Requested)
AT +CGQREQ Quality of Service Profile (Requested)
AT +CGQMIN Quality of Service Profile (Minimum Acceptable)
AT +CGEQMIN 3G Quality of Service Profile (Minimum Acceptable)
AT +CGEQNEG 3G Quality of Service Profile (Negotiated)
AT +CGATT Attach or Detach
AT +CGACT PDP Context Activate or Deactivate
AT +CGCMOD PDP Context Modify
AT +CGTFT Traffic Flow Template
AT +CGDATA Data Mode
AT +CGPADDR Show PDP Address
AT +CGCLASS GPRS Mobile Station Class
AT +CGREG GPRS Network Registration Indication
AT +CGSMS Select Service for MO SMS Messages
Inmarsat Specific AT Commands
AT _IPOINT Antenna Pointing
AT _IGPS GPS Location Information
AT _INIS Network Interface Status
AT _ITFT Uplink Traffic Flow Template
AT _ITEMP BGAN Terminal Temperature
AT _ILOG Retrieve Log File
AT _ISLEEP MT Sleep Status Indicator
AT _IMETER Call Metering
AT _ISIG Signal Strength Indicator
AT _IBALARM Alarm Indicator
AT _ISATINFO BGAN Satellite Information
AT _ISATVIS BGAN Satellite(s) Visible
AT _ISATCUR BGAN Current Satellite
AT _IBNOTIFY Control Unsolicited Commands
AT _IERROR BGAN Terminal Error Reports
AT _IGETFW Get firmware file from FTP server
AT _IUPDFW Trigger firmware update.
AT _ISENDFILESend file from UT to FTP server
AT _IGETFILE Download file from FTP server to UT
AT _IUPDCFG Install new 'config.txt' file.
AT _IREMWEB Control HTTP access to UT.
AT _ICLCK Facility Lock Configure
AT _ICPWD Change Facility Password
AT _IMACLOC Enable/Disable Ethernet MAC filtering.
AT _IMACLOCADConfigure allowed Ethernet MAC addresses.
AT _IPWSAVSCHThis command is used to input criteria for power save mode.
AT _ISMSRMT Enable/Disable remote SMS commands.
AT _IATCSCN Inititate RX ATC Scan
AT _IATCROBSTEnable / Disable ATC robustness mode
HNS Specific AT Commands
AT _IHINIT Initial Configuration Settings
AT _IHIP Internet Protocol Settings
AT _IHSTATUS HNS Terminal Status
AT _IHSET HNS Set Terminal Configuration
AT _IHREAD HNS Terminal Version Information
AT _IHDEFCNT Define a Default PDP Context
AT _IHACA Automatic Context Activation
AT _IHTM Set CM to Test Mode
AT _IHTXCW Transmit CW
AT _IHSTXCW Stop CW Transmission
AT _IHTXMOD Transmit Modulated Signal
AT _IHSTXMOD Stop Modulated Signal Transmission
AT _IHGFACQ Ask PSAB Acquisition Status
AT _IHSIGACQ Ask Signal Acquisition Status
AT _IHGF Obtain Satellite Information for Antenna Pointing
AT _IHGPS Initiate or Update GPS Information to CM
AT _IHPWROFF CM Accomplishes Deregistration Procedure
AT _IHREBOOT Reboot Terminal
AT _IHCCAL Send Cable Calibration Data to CM
AT _IHSWUPG SW Upgrade Indication
AT _IHSWDATA Request a block of image file.
AT _IHLOG Write String to Console and Syslog
AT _IHPIN Query PIN/PUK Status
AT _IHPACKET Report PS Call Log Information
AT _IHSMS Report Short Message Delivery Status
AT _IHBEAM Report Beam ID in which UT is Operating
AT _IHTIMER Set Timeouts for Connections and Leases
AT _IHARP Terminal ARP Entries
AT _IHPING Terminal-initiated PING.
AT _IHTEXT Terminal Text Message
AT _IHPBIT Command UT to Perform Platform Built-In Test and Check Status
AT _IHEVENT BGAN Terminal Event Reports
AT _IHCIRCUITBGAN Terminal CS Call Reports
AT _IHTEMP HNS Terminal Temperature
AT _IHMETER Expanded Call Metering
Summary of Inmarsat Specific Result Codes
OK
AT_ILOG?
_ILOG: "syslog"
OK
AT_ILOG="syslog"
_ILOG: [ UMTSMB] LVL:CRITICAL TIM:1228835 ACA SCAN PDP Reactivation Request: CID [1]
_ILOG: [ psCtrl] LVL:CRITICAL TIM:1229268 umop_handle_pdp_activate_rej: rab_id [1], c_id [1]
_ILOG: [ psCtrl] LVL:CRITICAL TIM:1229268 umop_handle_pdp_activate_rej: pclSMCauseValueIE = 0x1d
_ILOG: [ UMTSMB] LVL:CRITICAL TIM:1231835 umtsmendScanAcaAlwaysOnEntries: ACA ALWAYS ON context(1) is NOT active.
_ILOG: [ UMTSMB] LVL:CRITICAL TIM:1231835 ACA SCAN PDP Reactivation Request: CID [1]
_ILOG: [ psCtrl] LVL:CRITICAL TIM:1232268 umop_handle_pdp_activate_rej: rab_id [2], c_id [1]
_ILOG: [ psCtrl] LVL:CRITICAL TIM:1232268 umop_handle_pdp_activate_rej: pclSMCauseValueIE = 0x1d
_ILOG: [ UMTSMB] LVL:CRITICAL TIM:1234835 umtsmendScanAcaAlwaysOnEntries: ACA ALWAYS ON context(1) is NOT active.
_ILOG: [ UMTSMB] LVL:CRITICAL TIM:1234835 ACA SCAN PDP Reactivation Request: CID [1]
...response shortened for brevity...
_ILOG: [ UMTSMB] LVL:CRITICAL TIM:1225835 ACA SCAN PDP Reactivation Request: CID [1]
_ILOG: [ psCtrl] LVL:CRITICAL TIM:1226284 umop_handle_pdp_activate_rej: rab_id [0], c_id [1]
_ILOG: [ psCtrl] LVL:CRITICAL TIM:1226284 umop_handle_pdp_activate_rej: pclSMCauseValueIE = 0x1d
OK
AT_IHSTATUS
OK
AT_IHSTATUS=?
_IHSTATUS: ("CIPH", "CONN", "TRAF", "FLTS", "MAC", "GPS", "WLAN", "CSC", "CLASS")
OK
AT_IHSTATUS="GPS"
_IHSTATUS: "GPS", 37.15058,-94.99178,3D,allowed,16/01/26,20:26:37
OK
AT_IHSTATUS="CONN"
_IHSTATUS: "CONN", PS Attached / CS Attached
OK
AT+CGPADDR=?
+CGPADDR: (1)
OK
AT+CGPADDR=1
+CGPADDR: 1,"0.0.0.0"
OK
AT+CGPADDR?
+CGPADDR: 1,"0.0.0.0"
OK
AT_ICLCK="AD",1,"admin"
OK
Note the interface does not auto-lock after you terminate the TCP session, so you must enter the last command (AT_ICLCK=”AD”,1,”admin”) to lock the MT AT interface so any untrusted connections to this port will be required to know the password to unlock the interface and issue AT commands.
So thats about how far I’ve gotten thus far.. My next steps will be to write a TCL script around this to allow the router to make decisions based on the state in the BGAN UT and to control the UT. Check back for further updates!
protocolSyntax 
Timely post – I am thankful for the specifics . Does someone know if I can grab a blank DA 7625-1 example to work with ?
What model are you using?
Hi C. M. Stephan
Your test helps me a lot to use the 9052. Some of the commands don’t work for my model. Ex. “AT_IHREBOOT”, although the telent reply me “OK”, but the Hughes 9502 still keep working. Do you have any idea about this situation?