23 Cellular IoT Implementations

In 60 Seconds

Building cellular IoT devices involves selecting a module (SIM7000 for NB-IoT, SIM7070 for LTE-M, BG96 for dual-mode), connecting it via UART to a microcontroller, configuring APN settings with AT commands, and implementing HTTP or MQTT clients for cloud communication. The key difference from smartphone development is designing for constrained bandwidth (payloads under 1KB), intermittent connectivity (10-second wake delays from PSM), and aggressive power management (sleep 99.9% of the time).

Key Concepts

AT Commands: Standardized command set for configuring and controlling cellular modems; prefixed with “AT”; examples: AT+CEREG? (registration status), AT+NSOST (NB-IoT UDP send)
PPP (Point-to-Point Protocol): Legacy method for establishing IP connectivity through cellular modem via serial port; being replaced by ECM/NCM USB Ethernet emulation
ECM/NCM (Ethernet Control Model/Network Control Model): USB device classes emulating Ethernet interface over cellular modem; provides standard Linux network interface (eth0/usb0)
MQTT-SN (MQTT for Sensor Networks): MQTT adaptation for constrained networks; uses UDP transport; supports sleeping clients with broker-buffered messages for NB-IoT
CoAP (Constrained Application Protocol): UDP-based REST protocol optimized for M2M; confirmable messages provide reliability; used with DTLS for security on NB-IoT/LTE-M
LwM2M (Lightweight M2M): OMA standard device management protocol for cellular IoT; runs over CoAP/DTLS; provides firmware update, device management, and resource model
Quectel/SIMCom Modules: Popular cellular IoT module manufacturers; modules like Quectel BC660K (NB-IoT), BG96 (LTE-M+NB-IoT+GPS), EC21 (LTE Cat-1) expose AT command interface
Modem Firmware Update: Critical maintenance operation updating modem baseband firmware; requires specific tooling (Quectel QFlash, Sierra AT+WDSD), can brick device if interrupted

23.1 Learning Objectives

By the end of this chapter, you will be able to:

Justify Module Selection: Evaluate LTE-M, NB-IoT, and 4G module trade-offs and defend a selection for specific IoT application requirements
Assemble Hardware Connections: Wire SIM7000/SIM7600 modules to Arduino and ESP32 platforms with correct power supply, UART, and antenna configurations
Construct AT Command Sequences: Compose AT command flows for network registration, APN configuration, and data transmission over cellular links
Implement HTTP/MQTT Clients: Build cellular-connected applications that publish sensor data to cloud services and subscribe to command topics
Optimize Data Plans: Configure APN settings and calculate monthly data costs based on payload size, reporting frequency, and carrier pricing models
Diagnose Connectivity Failures: Systematically isolate power, serial, SIM, signal, and network registration faults using AT diagnostic commands

Related Chapters

Deep Dives:

Cellular IoT Fundamentals - Core concepts of NB-IoT, LTE-M technologies
NB-IoT Fundamentals - Narrowband IoT architecture and deployment modes
NB-IoT Labs and Implementation - Hands-on NB-IoT module configuration

Comparisons:

Cellular IoT Comprehensive Review - LTE-M vs NB-IoT trade-offs
LPWAN Comparison and Review - Cellular IoT vs LoRaWAN vs Sigfox

Application Protocols:

MQTT Fundamentals - Publish-subscribe messaging over cellular
CoAP Fundamentals - Lightweight request-response protocol

Learning:

Quizzes Hub - Test your cellular IoT implementation knowledge

23.2 Prerequisites

Before diving into this chapter, you should be familiar with:

Cellular IoT Fundamentals: Understanding of NB-IoT, LTE-M technologies, their specifications, and when to use each cellular technology is essential for module selection and configuration
IoT Protocols Fundamentals: Knowledge of the IoT protocol stack, UDP vs TCP transport layers, and application protocols helps you understand how cellular modules fit into the overall architecture
Networking Basics: Familiarity with IP addressing, DNS, network routing, and basic networking concepts is needed to configure APNs and troubleshoot connectivity issues

For Beginners: Cellular IoT Made Simple

Cellular IoT lets your devices connect to the internet anywhere there’s cell coverage—just like your phone. This chapter teaches you how to actually build with cellular modules.

What You Need:

Cellular Module: A small board with a radio (like SIM7000)
SIM Card: Just like in your phone (get an IoT data plan)
Microcontroller: Arduino, ESP32, or Raspberry Pi
Antenna: Usually included with the module
Power Supply: Cellular modules need more power than Wi-Fi

The Basic Connection:

Microcontroller → Serial UART → Cellular Module → Antenna → Cell Tower → Internet

Why Cellular for IoT?

Works anywhere with cell coverage (no Wi-Fi needed)
Low power modes (NB-IoT, LTE-M)
Secure and reliable
Pay-per-device data plans (~$2-10/month)

Sensor Squad: Building with Cellular Modules!

“Today we are actually building something!” Sammy the Sensor said eagerly. “To connect me to a cell tower, you need a cellular module – a little board with a radio and a SIM card slot. You wire it to a microcontroller, type in some AT commands, and suddenly I can send my data to the cloud from anywhere with cell coverage!”

“AT commands are like texting instructions to the module,” Lila the LED explained. “You type ‘AT+CGATT=1’ to attach to the network, ‘AT+CIPSTART’ to open a connection, and ‘AT+CIPSEND’ to send data. It sounds complicated, but it is really just a conversation between the microcontroller and the cellular radio – ask a question, get an answer!”

Max the Microcontroller grinned. “I handle all the tricky parts – like configuring the APN (that is the gateway name your carrier uses), managing the serial connection to the module, and handling retries when the signal is weak. The key difference from phone development is that we send tiny packets – maybe 50 to 100 bytes – and then go right back to sleep.”

“Power management is everything,” Bella the Battery emphasized. “Cellular radios are hungry – they can draw 200 milliamps during transmission! But the secret is that we only transmit for a few seconds, then sleep for minutes or hours. With PSM enabled, the device sleeps at just 5 microamps. That is the difference between lasting two weeks and lasting ten years!”

23.3 Understanding Check: Asset Tracking with NB-IoT

⏱️ ~15 min | ⭐⭐⭐ Advanced | 📋 P09.C19.U01

Scenario: You’re tracking 500 shipping containers across North America. Each container reports GPS location + temperature every 30 minutes. You need 10-year battery life on 2× D-cell batteries (19,000 mAh @ 3.6V). Containers travel through rural areas with spotty coverage. Budget: $50K for 500 devices (hardware + 5-year connectivity).

Think about:

Should you use NB-IoT or LTE-M modules? Why?
How do you achieve 10-year battery life when cellular transmission consumes 200mA for 2 seconds?

Key Insight: Use NB-IoT modules (e.g., SIM7020 at $15 each) with Power Saving Mode (PSM) and extended DRX. NB-IoT’s superior coverage (164 dB MCL vs 156 dB for LTE-M) ensures connectivity in rural areas and inside metal containers. LTE-M would offer mobility handoff but drain battery 3× faster for this stationary use case.

Power calculation: Each transmission cycle (wake → connect → send 100 bytes → PSM) consumes ~400 mWh. At 48 transmissions/day × 365 days × 10 years = 175,200 transmissions. Total energy: 70 Wh. Two D-cells provide 68 Wh (19Ah × 3.6V) × 85% efficiency ≈ 58 Wh—close but achievable with careful firmware optimization and reducing retries.

Cost: 500 modules × $15 = $7,500 + SIM cards ($5 each) = $10,000 hardware. Connectivity: NB-IoT data plan at $2/month × 500 devices × 60 months = $60,000 (exceeds budget—negotiate bulk discount to $1.20/month = $36K total, or use annual prepaid plans).

Verify Your Understanding:

Why would LTE-M’s mobility features actually waste battery for stationary containers?
How does PSM differ from eDRX for power savings?

Cross-Hub Connections

Hands-On Practice:

Simulations Hub - Try the Power Budget Calculator to verify 10-year battery life calculations
Videos Hub - Watch cellular module setup tutorials and AT command demonstrations

Self-Assessment:

Quizzes Hub - Test your understanding of module selection, AT commands, and power optimization

Knowledge Reinforcement:

Knowledge Gaps Hub - Clarify common misconceptions about cellular IoT power consumption and connectivity costs

Common Misconception: “Cellular IoT is Just Like a Phone”

Myth: You can use cellular IoT modules just like a smartphone—always connected, instant data transfer.

Reality: IoT modules optimize for battery life, not speed. Key differences:

Power Consumption: Smartphone: ~500mA continuous (2-hour battery). IoT module with PSM: 5µA sleep + 200mA for 2sec bursts (10-year battery).
Connection Time: Smartphone: Always connected (0ms). NB-IoT: 5-10 seconds to establish connection from PSM sleep. LTE-M with eDRX: 1-2 seconds.
Data Rate: Smartphone 4G: 100 Mbps download. NB-IoT: 26 kbps download (3,846× slower!). LTE-M: 1 Mbps (100× slower).
Cost Model: Smartphone: Unlimited data ($50/month). IoT SIM: Pay-per-MB ($0.10/MB) or fixed 10MB/month ($2).

Quantified Impact: A developer assumed NB-IoT had “4G speeds” and designed a video streaming application. Reality check: Streaming 1MB video at 26 kbps takes 5 minutes (vs 0.08 seconds on 4G). After 1 week, 500 devices × 1GB/day × $0.10/MB = $50,000/week connectivity bill (expected $1,400/week). Cost overrun: 3,571%.

Best Practice: Design for constrained bandwidth (send JSON payloads <1KB), intermittent connectivity (tolerate 10-second delays), and aggressive power management (sleep 99.9% of the time). This is the opposite of smartphone app development.

Putting Numbers to It

The monthly data cost for cellular IoT depends on payload size and reporting frequency:

\[\text{Monthly Cost} = N \times f_{daily} \times 30 \times P_{bytes} \times C_{per\_MB}\]

where $N$ is device count, $f_{daily}$ is reports per day, $P_{bytes}$ is payload size, and $C_{per\_MB}$ is cost per megabyte.

Example: 500 sensors reporting temperature every 15 minutes: - Reports per day: $f_{daily} = \frac{24 \times 60}{15} = 96$ - Payload options: - Bloated JSON: 250 bytes (formatted with whitespace) - Compact JSON: 60 bytes (minified) - Binary format: 12 bytes (packed struct)

Monthly costs at $0.10/MB:

Bloated: $500 \times 96 \times 30 \times 250 / 1,000,000 \times 0.10 = \$36,000$
Compact: $500 \times 96 \times 30 \times 60 / 1,000,000 \times 0.10 = \$8,640$
Binary: $500 \times 96 \times 30 \times 12 / 1,000,000 \times 0.10 = \$1,728$

Switching from bloated JSON to binary saves $34,272/month (95% reduction). For 10,000 devices, the difference is $685,000/month. Payload optimization is critical at IoT scale.

Try It: Cellular IoT Data Cost Calculator

Estimate your monthly connectivity costs based on device count, reporting frequency, and payload size — matching the cost formula from the section above.

Show code

viewof dcDevices = Inputs.range([1, 10000], {value: 500, step: 10, label: "Number of devices"})
viewof dcInterval = Inputs.range([1, 1440], {value: 30, step: 1, label: "Reporting interval (minutes)"})
viewof dcPayload = Inputs.select(
  ["Binary (12 bytes)", "Compact JSON (60 bytes)", "Standard JSON (150 bytes)", "Bloated JSON (250 bytes)", "Custom"],
  {label: "Payload format:"}
)
viewof dcPayloadCustom = Inputs.range([1, 1000], {value: 100, step: 1, label: "Custom payload size (bytes)"})
viewof dcCostModel = Inputs.select(
  ["1NCE ($10/500MB/10yr)", "Hologram ($0.60/mo + $0.40/MB)", "Twilio ($2/mo + $0.10/MB)", "Custom $/MB"],
  {label: "Data plan:"}
)
viewof dcCustomPerMB = Inputs.range([0.01, 2.0], {value: 0.10, step: 0.01, label: "Custom cost per MB ($)"})

Show code

{
  const payloadSizes = {"Binary (12 bytes)": 12, "Compact JSON (60 bytes)": 60, "Standard JSON (150 bytes)": 150, "Bloated JSON (250 bytes)": 250, "Custom": dcPayloadCustom};
  const pSize = payloadSizes[dcPayload];
  const reportsPerDay = Math.floor(1440 / dcInterval);
  const bytesPerDeviceMonth = reportsPerDay * 30 * pSize;
  const mbPerDeviceMonth = bytesPerDeviceMonth / 1_000_000;
  const totalMBMonth = mbPerDeviceMonth * dcDevices;
  const totalMBYear = totalMBMonth * 12;

  let monthlyCost, yearCost, plan;
  if (dcCostModel === "1NCE ($10/500MB/10yr)") {
    yearCost = dcDevices * 1; // $10/10yr = $1/yr
    monthlyCost = yearCost / 12;
    const totalOver10yr = totalMBYear * 10;
    plan = {note: totalOver10yr > 500 * dcDevices ? `Exceeds 500MB/device over 10yr (${(totalOver10yr/dcDevices).toFixed(1)} MB/device)` : `Within 500MB limit (${(totalOver10yr/dcDevices).toFixed(1)} MB/device over 10yr)`};
  } else if (dcCostModel === "Hologram ($0.60/mo + $0.40/MB)") {
    monthlyCost = dcDevices * 0.60 + totalMBMonth * 0.40;
    yearCost = monthlyCost * 12;
    plan = {note: "Includes $0.60/device/month base fee"};
  } else if (dcCostModel === "Twilio ($2/mo + $0.10/MB)") {
    monthlyCost = dcDevices * 2 + totalMBMonth * 0.10;
    yearCost = monthlyCost * 12;
    plan = {note: "Includes $2/device/month base fee"};
  } else {
    monthlyCost = totalMBMonth * dcCustomPerMB;
    yearCost = monthlyCost * 12;
    plan = {note: `At $${dcCustomPerMB.toFixed(2)}/MB`};
  }

  const fmt = (n) => n >= 1000 ? `$${(n/1000).toFixed(1)}K` : `$${n.toFixed(2)}`;

  return html`<div style="background:#f8f9fa; border:1px solid #dee2e6; border-radius:6px; padding:16px; margin-top:8px;">
    <div style="display:grid; grid-template-columns:1fr 1fr 1fr; gap:12px; margin-bottom:12px;">
      <div style="text-align:center; padding:8px; background:#fff; border-radius:4px; border:1px solid #dee2e6;">
        <div style="font-size:0.8em; color:#7F8C8D;">Reports/device/day</div>
        <div style="font-size:1.4em; font-weight:bold; color:#2C3E50;">${reportsPerDay}</div>
      </div>
      <div style="text-align:center; padding:8px; background:#fff; border-radius:4px; border:1px solid #dee2e6;">
        <div style="font-size:0.8em; color:#7F8C8D;">MB/device/month</div>
        <div style="font-size:1.4em; font-weight:bold; color:#3498DB;">${mbPerDeviceMonth.toFixed(3)}</div>
      </div>
      <div style="text-align:center; padding:8px; background:#fff; border-radius:4px; border:1px solid #dee2e6;">
        <div style="font-size:0.8em; color:#7F8C8D;">Total MB/month</div>
        <div style="font-size:1.4em; font-weight:bold; color:#E67E22;">${totalMBMonth.toFixed(1)}</div>
      </div>
    </div>
    <div style="display:grid; grid-template-columns:1fr 1fr; gap:12px;">
      <div style="padding:12px; background:${monthlyCost > 5000 ? '#fadbd8' : monthlyCost > 1000 ? '#fdebd0' : '#d5f5e3'}; border-radius:4px; text-align:center;">
        <div style="font-size:0.8em; color:#7F8C8D;">Monthly Cost</div>
        <div style="font-size:1.6em; font-weight:bold; color:#2C3E50;">${fmt(monthlyCost)}</div>
        <div style="font-size:0.75em; color:#7F8C8D;">${fmt(monthlyCost / dcDevices)}/device</div>
      </div>
      <div style="padding:12px; background:${yearCost > 50000 ? '#fadbd8' : yearCost > 10000 ? '#fdebd0' : '#d5f5e3'}; border-radius:4px; text-align:center;">
        <div style="font-size:0.8em; color:#7F8C8D;">Annual Cost</div>
        <div style="font-size:1.6em; font-weight:bold; color:#2C3E50;">${fmt(yearCost)}</div>
        <div style="font-size:0.75em; color:#7F8C8D;">${fmt(yearCost / dcDevices)}/device</div>
      </div>
    </div>
    <div style="margin-top:8px; font-size:0.85em; color:#7F8C8D;">${plan.note} | Payload: ${pSize} bytes</div>
  </div>`;
}

23.4 Module Selection and Hardware Setup

23.4.1 Popular Cellular IoT Modules

Module	Technology	Data Rate	Power (TX)	Power (Sleep)	Coverage	Cost	Best For
SIM7020	NB-IoT	26 kbps	220mA	5µA (PSM)	-164 dBm	$15	Stationary sensors, 10-year battery
SIM7070	NB-IoT + LTE-M	1 Mbps (LTE-M)	230mA	3µA (PSM)	-141 dBm (NB-IoT)	$18	Dual-mode flexibility, mobile trackers
SIM7000	NB-IoT + 2G	26 kbps	500mA (2G)	5µA (PSM)	-164 dBm	$20	Global fallback (2G)
SIM7600	4G LTE Cat-1	10 Mbps	2A	10mA	-110 dBm	$25	Video streaming, high throughput
BG96	NB-IoT + LTE-M	375 kbps	230mA	5µA (PSM)	-164 dBm	$22	Dual-mode flexibility

Selection Decision Tree:

Decision tree for selecting cellular IoT modules based on application requirements: stationary sensors with low data rate choose NB-IoT modules like SIM7020; mobile trackers choose LTE-M modules like SIM7070; high-bandwidth applications choose LTE Cat-1 modules like SIM7600; dual-mode flexibility uses BG96 supporting both NB-IoT and LTE-M — Figure 23.1: Cellular IoT module selection decision tree by mobility and data rate

Alternative View: Module Cost vs Capability

Quadrant chart positioning cellular IoT modules by cost and capability: low-cost basic modules like SIM7020 for NB-IoT, mid-range LTE-M modules like SIM7070, premium dual-mode modules like BG96, and high-performance LTE Cat-1 modules like SIM7600 for video and high-throughput applications

Module cost vs capability quadrant chart

This quadrant chart positions modules by cost and capability, helping designers choose the right module for their budget and performance requirements.

23.4.2 Hardware Connection: SIM7000 + ESP32

Complete Wiring Diagram:

Wiring diagram showing ESP32 connected to SIM7000 cellular module via hardware UART (GPIO17 TX to SIM7000 RX, GPIO16 RX to SIM7000 TX), with LiPo battery powering both devices, 1000 microfarad capacitor near VBAT for current spikes, PWR_KEY on GPIO4 for module power control, and external LTE antenna connected to SIM7000 — Figure 23.2: SIM7000 to ESP32 wiring diagram with LiPo battery power

Critical Hardware Notes:

Power Supply: SIM7000 draws 2A peak during transmission. Use LiPo battery (not USB power—causes brownouts). Add 1000µF capacitor near VBAT for current spikes.
UART Serial: Connect ESP32 GPIO17 (TX) → SIM7000 RX, GPIO16 (RX) → SIM7000 TX. Baud rate: 115200. Use hardware serial, not software serial (timing critical).
PWR_KEY: Hold GPIO4 LOW for 1 second to power on module. LED blinks slowly (1s) when connected to network, rapidly (200ms) when searching.
Antenna: MUST connect external antenna before powering on. Running without antenna damages RF amplifier.
SIM Card: Insert before powering on. Check PIN code is disabled (or use AT+CPIN=1234 to unlock).

23.5 AT Command Fundamentals

23.5.1 AT Command Flow

Cellular modules communicate via AT commands (Hayes command set). Basic pattern:

Host → AT+COMMAND=value\r\n
Module → response\r\n
Module → OK\r\n  (or ERROR)

Complete Connection Sequence:

Sequence diagram showing AT command flow between host MCU and cellular module: AT test, AT+CPIN SIM check, AT+CGDCONT APN configuration, AT+CREG network registration with 30-60 second wait, AT+CGACT PDP context activation, AT+HTTPINIT and AT+HTTPACTION for HTTP data transmission, followed by AT+CPSMS for power saving mode entry — Figure 23.3: AT command sequence for cellular IoT network registration and data transmission

23.5.2 Essential AT Commands

Basic Module Control:

AT              // Test connection (returns OK)
ATI             // Module information
AT+CGMR         // Firmware version
AT+CFUN=1       // Full functionality mode
AT+CFUN=0       // Minimum functionality (radio off)

SIM and Network:

AT+CPIN?        // Check SIM status (READY/SIM PIN/ERROR)
AT+CPIN=1234    // Unlock SIM with PIN code
AT+COPS?        // Check registered network operator
AT+COPS=?       // Scan available networks (slow: 20-60s)
AT+COPS=0       // Auto-select network (best signal)
AT+CSQ          // Signal quality (0-31 RSSI, 99=unknown)
                // Good: >15 (-93 dBm), Excellent: >25 (-73 dBm)
AT+CREG?        // Network registration status
                // 0,1 = registered home network
                // 0,5 = registered roaming
AT+CGATT?       // GPRS attach status (1=attached)

Data Connection (APN Configuration):

// Configure APN (Access Point Name) - carrier-specific
AT+CGDCONT=1,"IP","iot.1nce.net"           // 1NCE IoT SIM
AT+CGDCONT=1,"IP","hologram"               // Hologram global SIM
AT+CGDCONT=1,"IP","m2m.com.attz"           // AT&T IoT SIM
AT+CGDCONT=1,"IP","iot.truphone.com"       // Truphone IoT
AT+CGDCONT=1,"IP","soracom.io"             // Soracom global IoT

// Activate PDP context (get IP address)
AT+CGACT=1,1    // Activate context ID 1
AT+CGPADDR=1    // Query assigned IP address
AT+CGDATA="PPP",1  // Enter data mode (PPP connection)

HTTP Client (Quick Cloud Integration):

AT+HTTPINIT                                     // Initialize HTTP
AT+HTTPPARA="CID",1                             // Set PDP context ID
AT+HTTPPARA="URL","http://api.thingspeak.com/update"
AT+HTTPPARA="CONTENT","application/json"        // Set content type
AT+HTTPDATA=50,5000                             // Prepare 50 bytes, 5s timeout
// After DOWNLOAD prompt, send payload:
{"api_key":"ABC123","field1":23.5}
AT+HTTPACTION=1                                 // Execute POST (0=GET, 1=POST, 2=HEAD)
AT+HTTPREAD                                     // Read response
AT+HTTPTERM                                     // Terminate HTTP

MQTT Client (Persistent Connections):

// Configure MQTT broker
AT+SMCONF="URL","mqtt.example.com","1883"       // Broker address and port
AT+SMCONF="CLIENTID","device001"                // Client ID
AT+SMCONF="USERNAME","user"                     // Username (if required)
AT+SMCONF="PASSWORD","pass"                     // Password
AT+SMCONF="KEEPTIME",60                         // Keep-alive interval (seconds)

// Connect to broker
AT+SMCONN                                       // Connect (returns OK or ERROR)
AT+SMSTATE?                                     // Check connection state (1=connected)

// Publish message
AT+SMPUB="sensors/temp",20,1,0                  // Topic, length, QoS, retain
// After > prompt, send payload:
{"temperature":23.5}

// Subscribe to topic
AT+SMSUB="commands/led",1                       // Topic, QoS
// Received messages trigger URC: +SMSUB: "commands/led"

// Disconnect
AT+SMDISC                                       // Disconnect from broker

Power Saving Modes:

// Power Saving Mode (PSM) - deepest sleep
AT+CPSMS=1,"","","00000100","00000001"          // Enable PSM
// T3324 (active timer): 4 seconds, T3412 (periodic TAU): 1 hour
// Module sleeps for ~1 hour between wake-ups

// Extended DRX (eDRX) - periodic paging
AT+CEDRXS=1,5,"0101"                            // Enable eDRX for LTE-M
// Paging interval: 20.48 seconds (balance power vs latency)

// Light sleep (clock gating)
AT+CSCLK=2                                      // Auto sleep when UART idle
// Module enters 1mA sleep between commands (wakes on UART RX)

// Airplane mode (radio off, 0.1mA)
AT+CFUN=4                                       // Airplane mode
AT+CFUN=1                                       // Return to full functionality

Try It: PSM Timer Decoder

Decode the T3324 (Active Timer) and T3412 (Periodic TAU) values used in AT+CPSMS commands. These 8-bit binary strings control how long the module stays reachable after communication and how often it wakes for Tracking Area Updates.

Show code

viewof psmT3324 = Inputs.text({label: "T3324 Active Timer (8-bit binary):", value: "00000100", placeholder: "e.g. 00000100"})
viewof psmT3412 = Inputs.text({label: "T3412 Periodic TAU (8-bit binary):", value: "00000001", placeholder: "e.g. 00000001"})

Show code

{
  function decodeTimer(bits, isT3412) {
    if (!bits || bits.length !== 8 || !/^[01]+$/.test(bits)) return {value: "Invalid", seconds: 0, error: true};
    const unit = parseInt(bits.substring(0, 3), 2);
    const val = parseInt(bits.substring(3), 2);
    const t3324Units = {0: [2, "sec"], 1: [60, "min"], 2: [360, "sec (6min)"], 7: [0, "deactivated"]};
    const t3412Units = {0: [600, "sec (10min)"], 1: [3600, "hr"], 2: [36000, "sec (10hr)"], 3: [2, "sec"], 4: [30, "sec"], 5: [60, "min"], 7: [0, "deactivated"]};
    const units = isT3412 ? t3412Units : t3324Units;
    const u = units[unit];
    if (!u) return {value: "Reserved unit " + unit, seconds: 0, error: true};
    if (u[0] === 0) return {value: "Deactivated", seconds: 0, error: false};
    const secs = val * u[0];
    const display = secs >= 3600 ? (secs / 3600).toFixed(1) + " hours" : secs >= 60 ? (secs / 60).toFixed(0) + " minutes" : secs + " seconds";
    return {value: display, seconds: secs, raw: `${val} × ${u[0]}s (${u[1]})`, error: false};
  }
  const t3324 = decodeTimer(psmT3324, false);
  const t3412 = decodeTimer(psmT3412, true);
  const totalCycle = t3324.seconds + t3412.seconds;
  const sleepPct = totalCycle > 0 ? ((t3412.seconds / totalCycle) * 100).toFixed(1) : 0;

  return html`<div style="background:#f8f9fa; border:1px solid #dee2e6; border-radius:6px; padding:16px; margin-top:8px;">
    <div style="display:grid; grid-template-columns:1fr 1fr; gap:12px; margin-bottom:12px;">
      <div style="padding:12px; background:#fff; border-radius:4px; border-left:4px solid ${t3324.error ? '#E74C3C' : '#E67E22'};">
        <div style="font-size:0.8em; color:#7F8C8D;">T3324 Active Timer</div>
        <div style="font-size:1.3em; font-weight:bold; color:#E67E22;">${t3324.value}</div>
        ${t3324.raw ? html`<div style="font-size:0.8em; color:#7F8C8D; font-family:monospace;">${t3324.raw}</div>` : ''}
      </div>
      <div style="padding:12px; background:#fff; border-radius:4px; border-left:4px solid ${t3412.error ? '#E74C3C' : '#16A085'};">
        <div style="font-size:0.8em; color:#7F8C8D;">T3412 Periodic TAU</div>
        <div style="font-size:1.3em; font-weight:bold; color:#16A085;">${t3412.value}</div>
        ${t3412.raw ? html`<div style="font-size:0.8em; color:#7F8C8D; font-family:monospace;">${t3412.raw}</div>` : ''}
      </div>
    </div>
    <div style="font-family:monospace; font-size:0.85em; background:#fff; padding:8px; border-radius:4px; color:#2C3E50;">
      AT+CPSMS=1,"","","${psmT3412}","${psmT3324}"
    </div>
    ${totalCycle > 0 ? html`<div style="margin-top:8px; font-size:0.85em; color:#7F8C8D;">
      Sleep ${sleepPct}% of cycle | Active ${t3324.value} → Sleep ${t3412.value} → repeat
    </div>` : ''}
  </div>`;
}

Try It: ESP32 HTTP Client (Cellular-Style Pattern)

Objective: Cellular modules use AT commands to send HTTP requests. This Wokwi lab demonstrates the same HTTP client pattern using ESP32 Wi-Fi, so you can understand the cloud communication flow before working with actual cellular hardware.

Code to Try:

#include <WiFi.h>
#include <HTTPClient.h>

const char* ssid = "Wokwi-GUEST";
const char* password = "";

void setup() {
  Serial.begin(115200);
  // Step 1: Connect (equivalent to AT+CGATT=1)
  WiFi.begin(ssid, password);
  while (WiFi.status() != WL_CONNECTED) { delay(500); }
  Serial.printf("Attached! RSSI: %d dBm\n", WiFi.RSSI());
}

void loop() {
  float temp = 22.0 + random(-50, 50) / 10.0;
  // Step 2: HTTP POST (equivalent to AT+HTTPACTION=1)
  HTTPClient http;
  http.begin("http://httpbin.org/post");
  http.addHeader("Content-Type", "application/json");
  String payload = "{\"temp\":" + String(temp, 1) +
                   ",\"device\":\"ESP32-001\"}";
  int httpCode = http.POST(payload);
  if (httpCode > 0)
    Serial.printf("HTTP %d | %d bytes sent\n", httpCode, payload.length());
  http.end();
  // Step 3: Sleep (cellular: would use PSM for hours)
  delay(15000);
}

What to Observe:

The connection flow mirrors cellular AT commands: attach to network, check signal, send data, sleep
Each HTTP POST shows payload size and round-trip time – on real NB-IoT this would be 2-10 seconds instead of milliseconds
The JSON payload is under 100 bytes – critical for cellular IoT where data costs $0.10/MB
In production, you would replace delay(15000) with ESP32 deep sleep + RTC wakeup for years of battery life

Quick Check: AT Command Sequence

23.6 Complete Arduino Implementation

23.6.1 Hardware Serial Cellular Library

Example: ESP32 + SIM7000 Sending Sensor Data

The core pattern connects via AT commands, sends data over HTTP, then enters PSM sleep:

HardwareSerial sim7000(1);  // UART1 on ESP32
#define SIM_TX 17
#define SIM_RX 16
#define SIM_PWR_KEY 4

void setup() {
  sim7000.begin(115200, SERIAL_8N1, SIM_RX, SIM_TX);
  powerOnModule();        // Hold PWR_KEY LOW 1s then HIGH
  initCellular();         // AT -> CPIN? -> CGDCONT -> CREG? -> CGACT
}

void loop() {
  float temp = 23.5 + random(-50, 50) / 10.0;
  sendData(temp, 60.0);  // HTTP GET to ThingSpeak
  enterSleepMode(600);   // PSM + ESP32 deep sleep 10 min
}

Full Implementation (click to expand)

#include <HardwareSerial.h>

// SIM7000 on ESP32 hardware serial
HardwareSerial sim7000(1);  // UART1
#define SIM_TX 17
#define SIM_RX 16
#define SIM_PWR_KEY 4

// APN configuration (change for your carrier)
const char* APN = "iot.1nce.net";
const char* SERVER = "api.thingspeak.com";
const char* API_KEY = "YOUR_API_KEY";

void setup() {
  Serial.begin(115200);  // Debug console
  sim7000.begin(115200, SERIAL_8N1, SIM_RX, SIM_TX);  // SIM7000 serial

  // Power on module
  pinMode(SIM_PWR_KEY, OUTPUT);
  powerOnModule();

  // Wait for module ready
  delay(5000);

  // Initialize cellular connection
  if (initCellular()) {
    Serial.println("Cellular connected!");
  } else {
    Serial.println("Connection failed");
  }
}

void loop() {
  // Simulate sensor reading
  float temperature = 23.5 + random(-50, 50) / 10.0;
  float humidity = 60.0 + random(-100, 100) / 10.0;

  // Send data to cloud
  sendData(temperature, humidity);

  // Sleep for 10 minutes
  enterSleepMode(600);  // 600 seconds
}

void powerOnModule() {
  digitalWrite(SIM_PWR_KEY, LOW);
  delay(1000);  // Hold for 1 second
  digitalWrite(SIM_PWR_KEY, HIGH);
  delay(2000);
  Serial.println("Module powered on");
}

bool sendATCommand(String cmd, String expected, int timeout) {
  sim7000.println(cmd);
  long start = millis();
  String response = "";

  while (millis() - start < timeout) {
    while (sim7000.available()) {
      char c = sim7000.read();
      response += c;
      Serial.write(c);  // Echo to console
    }
    if (response.indexOf(expected) != -1) {
      return true;
    }
  }
  return false;
}

bool initCellular() {
  Serial.println("Initializing cellular...");

  // Test module
  if (!sendATCommand("AT", "OK", 2000)) {
    Serial.println("Module not responding");
    return false;
  }

  // Check SIM card
  if (!sendATCommand("AT+CPIN?", "READY", 5000)) {
    Serial.println("SIM card error");
    return false;
  }

  // Configure APN
  String apnCmd = "AT+CGDCONT=1,\"IP\",\"" + String(APN) + "\"";
  if (!sendATCommand(apnCmd, "OK", 2000)) {
    Serial.println("APN config failed");
    return false;
  }

  // Wait for network registration (can take 30-60 seconds)
  Serial.println("Waiting for network... (30-60s)");
  int retries = 30;
  while (retries-- > 0) {
    if (sendATCommand("AT+CREG?", "+CREG: 0,1", 2000) ||
        sendATCommand("AT+CREG?", "+CREG: 0,5", 2000)) {
      Serial.println("Registered on network!");
      break;
    }
    delay(2000);
  }

  if (retries <= 0) {
    Serial.println("Network registration timeout");
    return false;
  }

  // Activate PDP context
  if (!sendATCommand("AT+CGACT=1,1", "OK", 30000)) {
    Serial.println("PDP activation failed");
    return false;
  }

  // Check signal quality
  sim7000.println("AT+CSQ");
  delay(500);
  while (sim7000.available()) {
    Serial.write(sim7000.read());
  }

  return true;
}

bool sendData(float temp, float humidity) {
  Serial.println("Sending data via HTTP...");

  // Initialize HTTP
  if (!sendATCommand("AT+HTTPINIT", "OK", 2000)) {
    return false;
  }

  // Set CID
  if (!sendATCommand("AT+HTTPPARA=\"CID\",1", "OK", 2000)) {
    sendATCommand("AT+HTTPTERM", "OK", 2000);
    return false;
  }

  // Build URL with GET parameters
  String url = "http://" + String(SERVER) + "/update?api_key=" +
               String(API_KEY) + "&field1=" + String(temp) +
               "&field2=" + String(humidity);

  String urlCmd = "AT+HTTPPARA=\"URL\",\"" + url + "\"";
  if (!sendATCommand(urlCmd, "OK", 2000)) {
    sendATCommand("AT+HTTPTERM", "OK", 2000);
    return false;
  }

  // Execute GET request
  if (!sendATCommand("AT+HTTPACTION=0", "+HTTPACTION: 0,200", 10000)) {
    Serial.println("HTTP request failed");
    sendATCommand("AT+HTTPTERM", "OK", 2000);
    return false;
  }

  Serial.println("Data sent successfully!");

  // Terminate HTTP
  sendATCommand("AT+HTTPTERM", "OK", 2000);

  return true;
}

void enterSleepMode(int seconds) {
  Serial.println("Entering power saving mode...");

  // Enable PSM (customize T3324 and T3412 timers as needed)
  sendATCommand("AT+CPSMS=1", "OK", 2000);

  // Light sleep (module wakes on timer or UART activity)
  sendATCommand("AT+CSCLK=2", "OK", 2000);

  // Put ESP32 to deep sleep
  Serial.flush();
  esp_sleep_enable_timer_wakeup(seconds * 1000000ULL);  // microseconds
  esp_deep_sleep_start();
}

Key Implementation Notes:

Hardware Serial: Use HardwareSerial, not SoftwareSerial. SIM7000 requires precise timing (115200 baud) that software serial can’t guarantee.
Power-On Sequence: Hold PWR_KEY LOW for 1 second, then HIGH. LED should start blinking. Wait 5 seconds for RDY message.
Network Registration Time: Can take 30-60 seconds in weak signal areas. NB-IoT takes longer than LTE-M due to cell search process.
HTTP vs MQTT: Use HTTP for simple publish (stateless, no persistent connection). Use MQTT for bidirectional, low-latency communication (persistent connection).
Power Saving: Combining ESP32 deep sleep (10µA) + SIM7000 PSM (5µA) achieves ~15µA total system sleep current.

23.7 Complete IoT Pipeline Architecture

End-to-End System:

End-to-end cellular IoT pipeline showing ESP32 reading DHT22 sensor, waking SIM7000 from PSM, network attach to eNodeB, MQTT publish of JSON payload through HiveMQ broker to InfluxDB time-series database, with Grafana dashboard for visualization and the complete cycle taking approximately 10 seconds active time — Figure 23.4: End-to-end cellular IoT architecture from sensor to cloud dashboard

Data Flow Timeline:

Device Wake-Up (10ms): ESP32 wakes from deep sleep, reads DHT22 sensor via I2C
Module Power-On (1s): ESP32 toggles PWR_KEY to wake SIM7000 from PSM
Network Attach (5-10s): SIM7000 sends TAU (Tracking Area Update) to eNodeB, receives IP address
MQTT Connect (2-5s): TCP handshake + TLS handshake + MQTT CONNECT packet
Publish Data (500ms): MQTT PUBLISH with 50-byte JSON payload {"temp":23.5,"hum":60}
MQTT Broker (100ms): HiveMQ receives, distributes to subscribers, stores in InfluxDB
Dashboard Update (200ms): Grafana queries InfluxDB, updates chart in web browser
Return to Sleep (2s): MQTT DISCONNECT, SIM7000 enters PSM, ESP32 enters deep sleep

Total Active Time: ~10 seconds (0.003% duty cycle for 1-hour reporting interval)

23.8 Troubleshooting Guide

Common Issues and Solutions:

Troubleshooting flowchart for cellular IoT modules: check power supply first (LiPo not USB), then verify serial UART communication at 115200 baud, check SIM card status with AT+CPIN, test signal quality with AT+CSQ, verify network registration with AT+CREG, and finally test data connection with AT+CGACT and AT+HTTPACTION — Figure 23.5: Cellular IoT troubleshooting flowchart for common connection issues

Diagnostic Commands:

// Module health check
AT+CGMR           // Firmware version (should return version string)
AT+CCID           // SIM card ICCID (20-digit number)
AT+CIMI           // SIM card IMSI (15-digit number)

// Signal diagnostics
AT+CSQ            // Signal quality (15-31 = good, <10 = poor)
AT+CPSI?          // Detailed signal info (RSRP, RSRQ, SNR)
                  // Example: +CPSI: LTE NB-IOT,Online,
                  //          RSRP -95 dBm, RSRQ -10 dB, SNR 5 dB

// Network diagnostics
AT+COPS?          // Current operator (e.g., "AT&T", "Verizon")
AT+CREG=2         // Enable network registration URCs
AT+CREG?          // Registration status + location (LAC, CID)
AT+CGPADDR=1      // Assigned IP address (e.g., 10.45.23.12)

// Data usage tracking
AT+CGDCONT?       // Active PDP contexts (shows APN configuration)
AT+CGACT?         // PDP context activation status (1=active, 0=inactive)

// Power diagnostics
AT+CPSMS?         // PSM configuration (timers T3324, T3412)
AT+CEDRXS?        // eDRX configuration (paging interval)
AT+CPMUTEMP       // Module temperature (°C) - should be <60°C

Try It: Signal Quality Interpreter

Enter the CSQ value returned by AT+CSQ to see the corresponding RSSI in dBm and signal quality rating — useful when debugging connectivity in the field.

Show code

{
  const rssi = csqValue === 99 ? null : -113 + csqValue * 2;
  const quality = csqValue >= 25 ? {label: "Excellent", color: "#16A085"} :
                  csqValue >= 15 ? {label: "Good", color: "#27AE60"} :
                  csqValue >= 10 ? {label: "Marginal", color: "#E67E22"} :
                  csqValue >= 5  ? {label: "Poor", color: "#E74C3C"} :
                  csqValue > 0   ? {label: "Very Poor", color: "#C0392B"} :
                  {label: "No Signal", color: "#7F8C8D"};
  const barWidth = Math.max(3, (csqValue / 31) * 100);
  const packetLoss = csqValue >= 20 ? "<1%" : csqValue >= 15 ? "1-3%" : csqValue >= 10 ? "5-10%" : csqValue >= 5 ? "10-25%" : ">25%";

  return html`<div style="background:#f8f9fa; border:1px solid #dee2e6; border-radius:6px; padding:16px; margin-top:8px;">
    <div style="display:flex; gap:24px; align-items:center; flex-wrap:wrap;">
      <div>
        <div style="font-size:0.8em; color:#7F8C8D;">RSSI</div>
        <div style="font-size:1.6em; font-weight:bold; color:#2C3E50;">${rssi !== null ? rssi + ' dBm' : 'Unknown'}</div>
      </div>
      <div>
        <div style="font-size:0.8em; color:#7F8C8D;">Quality</div>
        <div style="font-size:1.4em; font-weight:bold; color:${quality.color};">${quality.label}</div>
      </div>
      <div>
        <div style="font-size:0.8em; color:#7F8C8D;">Est. Packet Loss</div>
        <div style="font-size:1.2em; font-weight:bold; color:#2C3E50;">${packetLoss}</div>
      </div>
    </div>
    <div style="margin-top:12px; background:#ecf0f1; border-radius:4px; height:20px; overflow:hidden;">
      <div style="width:${barWidth}%; height:100%; background:${quality.color}; border-radius:4px; transition:width 0.3s;"></div>
    </div>
    <div style="display:flex; justify-content:space-between; font-size:0.7em; color:#7F8C8D; margin-top:2px;">
      <span>0 (-113 dBm)</span>
      <span>10 (-93 dBm)</span>
      <span>15 (-83 dBm)</span>
      <span>25 (-63 dBm)</span>
      <span>31 (-51 dBm)</span>
    </div>
    <div style="margin-top:8px; font-family:monospace; font-size:0.85em; color:#7F8C8D; background:#fff; padding:8px; border-radius:4px;">
      AT+CSQ → +CSQ: ${csqValue},99 → RSSI = -113 + (${csqValue} × 2) = ${rssi !== null ? rssi : '?'} dBm
    </div>
  </div>`;
}

Common Error Codes:

Error	Code	Meaning	Solution
`+CME ERROR: 10`	SIM not inserted	SIM card not detected	Reseat SIM, check orientation (notch corner)
`+CME ERROR: 14`	SIM busy	SIM PIN required or initialization	Disable PIN: `AT+CLCK="SC",0,"1234"`
`+CME ERROR: 30`	No network service	Not registered on network	Move outdoors, wait 60s, check signal
`+CME ERROR: 32`	Network not allowed	SIM not activated for roaming	Contact carrier, enable roaming
`ERROR`	Unknown command	AT command syntax error	Check command spelling, add `\r\n`

23.9 Real-World Deployment Considerations

23.9.1 SIM Card Selection and Activation

IoT SIM Providers:

Provider	Coverage	Data Plans	Features	Cost
1NCE	165 countries	500MB/10 years (prepaid)	Zero config, auto-roaming	$10 one-time
Hologram	196 countries	Pay-as-you-go $0.40/MB	Global SIM, dashboard API	$0.60/month + usage
Soracom	140 countries	$0.10/MB Japan, $0.80/MB global	Virtual SIM (eSIM), VPN	$1.20/month + usage
Twilio	200+ countries	$2/month + $0.10/MB	Programmable, SMS included	$2/month + usage
Truphone	190 countries	$2/month + $0.50/MB	Multi-IMSI, local breakout	$2/month + usage

Activation Checklist:

Purchase SIM: Buy IoT SIM (not consumer phone SIM—different APN and billing)
Register Device: Log into provider portal, register ICCID (SIM card ID) and IMEI (module ID)
Configure APN: Get APN from provider (e.g., iot.1nce.net), configure with AT+CGDCONT
Test Connection: Send test data, verify dashboard shows usage
Monitor Usage: Set up alerts for 80% data quota (avoid overage charges)

23.9.2 Data Plan Optimization

Bandwidth Math:

Sending 100-byte JSON payload every 30 minutes for 1 year:

Packets/day: 24 hours × 2 transmissions/hour = 48 packets/day
Bytes/day: 48 × 100 bytes = 4.8 KB/day
Total/year: 4.8 KB × 365 days = 1.75 MB/year

Plan Comparison:

1NCE (500MB/10 years): $10 one-time = $1/year → Cheapest for low-data
Hologram ($0.40/MB): 1.75 MB × $0.40 = $0.70/year + $0.60/month × 12 = $7.90/year
Twilio ($2/month + $0.10/MB): $24/year + $0.18 = $24.18/year

Best Practice: For low-data applications (<10MB/month), use prepaid plans (1NCE). For high-data or unpredictable usage, use pay-as-you-go (Hologram).

23.9.3 Antenna Selection and Placement

Antenna Types:

Type	Gain	Range	Placement	Use Case
Stubby (50mm)	0-2 dBi	Indoor only	On module	Prototyping, indoor sensors
Whip (150mm)	3-5 dBi	Indoor/outdoor	Vertical mount	General IoT, trackers
Magnetic (200mm)	5-7 dBi	Outdoor	Vehicle roof	Asset tracking, mobile
External Panel	8-12 dBi	Long range	Outdoor pole	Remote installations, rural

Placement Rules:

Vertical Orientation: LTE antennas are vertically polarized. Mount antenna perpendicular to ground for best signal.
Ground Plane: Metal surface improves stubby antenna performance by 3-5 dB (vehicle roof, metal enclosure).
Keep Clear: 10cm clearance from metal objects, batteries, cables (avoid RF detuning).
Cable Length: Use <5m cables (longer cables = 1 dB loss per meter at 2100 MHz).

Signal Strength Impact:

Stubby Indoor: -95 dBm (marginal) → 10% packet loss
Whip Outdoor: -75 dBm (excellent) → <1% packet loss
External Panel Rural: -105 dBm (usable) → 5% packet loss with NB-IoT

23.9.4 Power Budget Analysis

Complete Power Profile (SIM7000 NB-IoT):

State	Current	Duration	Energy per Cycle
Deep Sleep (PSM)	5 µA	3599s	0.018 mAh
Wake-Up	50 mA	1s	0.014 mAh
Network Attach	150 mA	5s	0.208 mAh
TX Peak	220 mA	2s	0.122 mAh
RX Listen	50 mA	1s	0.014 mAh
Return to Sleep	10 mA	2s	0.006 mAh
Total per Hour	—	3600s	0.382 mAh/hour

Battery Life Calculation:

Battery capacity: 2000 mAh (2× AA NiMH) Hourly consumption: 0.382 mAh Battery life: 2000 mAh ÷ 0.382 mAh/hour = 5,236 hours = 218 days = 7.2 months

Extending to 10 Years:

Need: 10 years × 365 days × 24 hours × 0.382 mAh = 33,487 mAh Solution: Use 2× D-cell LiSOCl₂ batteries (19,000 mAh each = 38,000 mAh total)

Verification: 38,000 mAh ÷ (0.382 mAh × 24) = 10.3 years ✓

Power Optimization Tips:

Increase Reporting Interval: 30 min → 1 hour = 2× battery life
Reduce TX Power: -10 dBm instead of +23 dBm = 1.5× battery life (if signal allows)
Use NB-IoT over LTE-M: NB-IoT = 5µA PSM vs LTE-M = 1mA eDRX = 200× better sleep current
Optimize Payload: 100 bytes → 50 bytes = 1.5× battery life (less TX time)

Try It: Power Budget Calculator

Configure your cellular IoT power profile to estimate battery life. Adjust sleep current, transmission parameters, and battery capacity to match the power budget table from the chapter.

Show code

viewof pbSleepCurrent = Inputs.range([1, 100], {value: 5, step: 1, label: "Sleep current (µA)"})
viewof pbSleepDuration = Inputs.range([60, 7200], {value: 3599, step: 1, label: "Sleep duration per cycle (seconds)"})
viewof pbTxCurrent = Inputs.range([50, 500], {value: 220, step: 10, label: "TX peak current (mA)"})
viewof pbTxDuration = Inputs.range([0.5, 30], {value: 2, step: 0.5, label: "TX duration (seconds)"})
viewof pbWakeCurrent = Inputs.range([10, 200], {value: 50, step: 5, label: "Wake + attach current (mA)"})
viewof pbWakeDuration = Inputs.range([1, 60], {value: 6, step: 1, label: "Wake + attach duration (seconds)"})
viewof pbBattery = Inputs.range([500, 40000], {value: 2000, step: 100, label: "Battery capacity (mAh)"})

Show code

{
  const cycleTime = pbSleepDuration + pbTxDuration + pbWakeDuration;
  const sleepEnergy = (pbSleepCurrent / 1000) * (pbSleepDuration / 3600);
  const txEnergy = pbTxCurrent * (pbTxDuration / 3600);
  const wakeEnergy = pbWakeCurrent * (pbWakeDuration / 3600);
  const cycleEnergy = sleepEnergy + txEnergy + wakeEnergy;
  const cyclesPerHour = 3600 / cycleTime;
  const mAhPerHour = cycleEnergy * cyclesPerHour;
  const hoursLife = pbBattery / mAhPerHour;
  const daysLife = hoursLife / 24;
  const yearsLife = daysLife / 365;
  const dutyCycle = ((pbTxDuration + pbWakeDuration) / cycleTime * 100);

  const lifeColor = yearsLife >= 5 ? '#16A085' : yearsLife >= 1 ? '#27AE60' : yearsLife >= 0.25 ? '#E67E22' : '#E74C3C';

  return html`<div style="background:#f8f9fa; border:1px solid #dee2e6; border-radius:6px; padding:16px; margin-top:8px;">
    <div style="display:grid; grid-template-columns:repeat(4, 1fr); gap:8px; margin-bottom:12px;">
      <div style="text-align:center; padding:8px; background:#fff; border-radius:4px; border:1px solid #dee2e6;">
        <div style="font-size:0.7em; color:#7F8C8D;">Sleep Energy</div>
        <div style="font-weight:bold; color:#16A085;">${sleepEnergy.toFixed(4)} mAh</div>
      </div>
      <div style="text-align:center; padding:8px; background:#fff; border-radius:4px; border:1px solid #dee2e6;">
        <div style="font-size:0.7em; color:#7F8C8D;">Wake Energy</div>
        <div style="font-weight:bold; color:#3498DB;">${wakeEnergy.toFixed(4)} mAh</div>
      </div>
      <div style="text-align:center; padding:8px; background:#fff; border-radius:4px; border:1px solid #dee2e6;">
        <div style="font-size:0.7em; color:#7F8C8D;">TX Energy</div>
        <div style="font-weight:bold; color:#E67E22;">${txEnergy.toFixed(4)} mAh</div>
      </div>
      <div style="text-align:center; padding:8px; background:#fff; border-radius:4px; border:1px solid #dee2e6;">
        <div style="font-size:0.7em; color:#7F8C8D;">Per Cycle</div>
        <div style="font-weight:bold; color:#2C3E50;">${cycleEnergy.toFixed(4)} mAh</div>
      </div>
    </div>
    <div style="padding:16px; background:${yearsLife >= 1 ? '#d5f5e3' : '#fdebd0'}; border-radius:6px; text-align:center; margin-bottom:12px;">
      <div style="font-size:0.8em; color:#7F8C8D;">Estimated Battery Life</div>
      <div style="font-size:2em; font-weight:bold; color:${lifeColor};">
        ${yearsLife >= 1 ? yearsLife.toFixed(1) + ' years' : daysLife >= 1 ? Math.round(daysLife) + ' days' : Math.round(hoursLife) + ' hours'}
      </div>
      <div style="font-size:0.85em; color:#7F8C8D;">${pbBattery} mAh ÷ ${mAhPerHour.toFixed(3)} mAh/hr = ${Math.round(hoursLife).toLocaleString()} hours</div>
    </div>
    <div style="font-size:0.85em; color:#7F8C8D;">
      Duty cycle: ${dutyCycle.toFixed(2)}% active | Avg current: ${(mAhPerHour * 1000 / 1).toFixed(1)} µA | Cycle time: ${Math.round(cycleTime)}s
    </div>
  </div>`;
}

23.10 Visual Reference Gallery

Visual: Cellular Modem Architecture

Modern visualization of cellular IoT modem architecture showing baseband processor, RF frontend, antenna interface, and host MCU connection with AT command interface

Cellular Modem internal architecture

Understanding modem architecture helps explain why proper power supply design (LiPo battery, not USB) and antenna connection are critical for reliable cellular IoT implementations.

Visual: Cellular IoT Evolution

Geometric timeline showing cellular IoT evolution from 2G M2M through 3G, 4G LTE-M/NB-IoT to 5G NR with data rates, latency improvements, and key feature additions at each generation

Cellular IoT Evolution from 2G to 5G

This evolution diagram provides context for why NB-IoT and LTE-M (Release 13) represent optimized cellular technologies specifically designed for IoT applications rather than simply using smartphone connectivity.

Visual: Cellular Handover Mechanism

Geometric diagram of cellular handover process showing signaling between mobile device, source and target base stations, and core network during seamless transition

Cellular Handover for mobile assets

The handover mechanism is essential for mobile asset tracking implementations where vehicles or containers move between cell coverage areas while maintaining continuous connectivity.

Worked Example: Debugging “Module Not Responding” Issue

Scenario: You’ve wired a SIM7000 NB-IoT module to an ESP32, powered it on, but serial commands get no response. Here’s a systematic diagnostic approach.

Step 1: Verify Power Supply (Most Common Issue)

Symptom	Cause	Solution
Module LED doesn’t blink at all	No power reaching VBAT	Check wiring: ESP32 5V → module VBAT
LED blinks once then stops	USB power browns out during TX (2A spike)	Use LiPo battery (3.7V), not USB
Module resets every 5-10 seconds	Insufficient capacitance	Add 1000 µF capacitor near VBAT

Diagnostic Command:

// Measure voltage at VBAT pin during transmission
AT+CBC      // Check battery voltage (should be >3.6V, stable)

Expected: +CBC: 0,95,3.7 (charging=0, 95%, 3.7V) Actual (with USB): +CBC: 0,65,3.1 (voltage sags to 3.1V during TX → resets)

Fix:

// Replace USB power with LiPo
// Before:  ESP32 USB 5V → SIM7000 VBAT (causes brownouts)
// After:   LiPo 3.7V → SIM7000 VBAT + ESP32 VIN (stable)

Step 2: Verify Serial Communication

Test	Command	Expected Response	Diagnosis
Module alive?	`AT`	`OK`	Basic UART working
Echo enabled?	`ATE1`	`OK`	See commands echoed back
Baud rate?	Try 115200, 9600, 57600	`OK` at correct rate	Wrong baud = garbage
Hardware serial?	Check GPIO pins	UART1/UART2	SoftwareSerial unreliable

Common Serial Issues:

// WRONG: SoftwareSerial (causes timing issues at 115200 baud)
#include <SoftwareSerial.h>
SoftwareSerial sim(16, 17);  // RX, TX
sim.begin(115200);  // Too fast for SoftwareSerial → garbage

// CORRECT: Hardware Serial
HardwareSerial sim(1);  // UART1
sim.begin(115200, SERIAL_8N1, 16, 17);  // RX=16, TX=17

Diagnostic Test:

void setup() {
  Serial.begin(115200);  // Debug console
  sim.begin(115200, SERIAL_8N1, 16, 17);

  sim.println("AT");
  delay(300);
  while (sim.available()) {
    Serial.write(sim.read());  // Should print "AT\r\nOK\r\n"
  }
}

If you see: Garbage characters (��) → Baud rate mismatch If you see: Nothing → Wiring issue or module not powered If you see: AT OK → Serial working!

Step 3: Diagnose SIM Card Issues

Command	Expected Response	Failure Diagnosis
`AT+CPIN?`	`+CPIN: READY`	SIM card present and unlocked
`AT+CPIN?`	`+CPIN: SIM PIN`	SIM locked → need `AT+CPIN=1234`
`AT+CPIN?`	`ERROR`	SIM not detected → reseat SIM
`AT+CCID`	20-digit ICCID	SIM card physically readable

SIM Card Checklist:

Orientation: Notch corner in top-left (varies by module)
Contacts: Clean with isopropyl alcohol (fingerprints cause issues)
Type: Use IoT SIM, not consumer phone SIM (different APN)
Activation: Log into provider portal, verify SIM is active
PIN: Disable PIN lock or use AT+CLCK="SC",0,"1234" to unlock

Real Example: 1NCE IoT SIM:

AT+CPIN?                // Check SIM status
AT+CCID                 // Read ICCID: 89882280666009012345
AT+CGDCONT=1,"IP","iot.1nce.net"  // Configure APN

Step 4: Diagnose Network Registration

Command	Response	Meaning	Next Step
`AT+CREG?`	`+CREG: 0,1`	Registered home network ✓	Proceed to data
`AT+CREG?`	`+CREG: 0,2`	Searching for network	Wait 60s, check signal
`AT+CREG?`	`+CREG: 0,3`	Registration denied	Check SIM activation
`AT+CREG?`	`+CREG: 0,5`	Registered roaming ✓	Proceed (may cost more)
`AT+CSQ`	`+CSQ: 5,99`	RSSI=5 (very poor)	Move outdoors or add antenna
`AT+CSQ`	`+CSQ: 22,99`	RSSI=22 (good)	Signal OK

Network Registration Timeline (NB-IoT):

0s    Power on module
1s    AT+CFUN=1 (enable radio)
5s    Cell search starts
45s   Cell found (RSRP -105 dBm)
50s   RRC connection
55s   Authentication
60s   Attached! CREG reports 0,1

If stuck at “Searching” after 60 seconds:

Check signal: AT+CSQ → if RSSI < 10 (-103 dBm), move outdoors
Check band: AT+CPSI? → verify module using correct band (e.g., Band 13 in US)
Force operator: AT+COPS=1,2,"310260" → force T-Mobile (if auto-select fails)

Step 5: Diagnose Data Connection

Command	Response	Meaning	Next Step
`AT+CGATT?`	`+CGATT: 1`	GPRS attached ✓	Proceed to PDP
`AT+CGACT=1,1`	`OK`	PDP context activated ✓	Try HTTP
`AT+CGPADDR=1`	`+CGPADDR: 1,10.45.23.12`	IP assigned ✓	Connection ready
`AT+HTTPINIT`	`OK`	HTTP service ready	Send request
`AT+HTTPACTION=0`	`+HTTPACTION: 0,200,xxx`	HTTP GET success ✓	Data flowing

Complete Working Flow (Success Case):

AT+CPIN?                          // +CPIN: READY
AT+CSQ                            // +CSQ: 18,99 (signal OK)
AT+CREG?                          // +CREG: 0,1 (registered)
AT+CGDCONT=1,"IP","iot.1nce.net"  // OK (APN configured)
AT+CGACT=1,1                      // OK (PDP activated)
AT+CGPADDR=1                      // +CGPADDR: 1,10.45.23.12 (IP assigned)
AT+HTTPINIT                       // OK
AT+HTTPPARA="URL","http://httpbin.org/get"  // OK
AT+HTTPACTION=0                   // +HTTPACTION: 0,200,250 (success!)
AT+HTTPREAD                       // Read response
AT+HTTPTERM                       // OK (cleanup)

If HTTP fails with +HTTPACTION: 0,600,0:

Error Code	Meaning	Solution
600	No PDP context	Run `AT+CGACT=1,1` first
601	DNS resolution failed	Check APN, try `8.8.8.8` IP directly
602	Server unreachable	Check firewall, try `http://` not `https://`
603	Connection timeout	Increase timeout: `AT+HTTPARA="TIMEOUT",30`

Step 6: Diagnostic Script Pattern

Run these five sequential checks in setup() – each validates one stage:

void setup() {
  Serial.begin(115200);
  sim7000.begin(115200, SERIAL_8N1, SIM_RX, SIM_TX);

  // 1. Module alive?   AT -> OK
  // 2. SIM card?       AT+CPIN? -> READY
  // 3. Signal quality? AT+CSQ -> RSSI (>15 good, >10 ok)
  // 4. Registered?     AT+CREG? -> +CREG: 0,1
  // 5. Data attached?  AT+CGATT? -> +CGATT: 1

  sendCommand("AT", "OK", 2000);       // Stage 1
  sendCommand("AT+CPIN?", "READY", 5000);  // Stage 2
  sim7000.println("AT+CSQ");           // Stage 3
  sendCommand("AT+CREG?", "+CREG: 0,1", 60000); // Stage 4
  sendCommand("AT+CGATT?", "+CGATT: 1", 30000);  // Stage 5
}

Run this diagnostic, and within 90 seconds you’ll identify which stage fails:

Stage 1 fail → Power issue
Stage 2 fail → SIM card issue
Stage 3 fail → Antenna or location issue
Stage 4 fail → Coverage or operator issue
Stage 5 fail → APN configuration issue

Save hours of debugging by following this systematic approach instead of randomly trying commands.

🏷️ Label the Diagram

💻 Code Challenge

23.11 Summary

Module Selection Strategy guides your choice between NB-IoT and LTE-M based on mobility, data rate, and battery requirements. Use NB-IoT (SIM7020) for stationary sensors requiring 10-year battery life, and LTE-M (SIM7070) for mobile tracking with voice support.
Hardware Configuration requires careful attention to power supply (LiPo battery, not USB), antenna connection before power-on, and hardware serial for reliable AT command communication at 115200 baud.
AT Command Mastery enables network registration, APN configuration, and data transmission. The complete sequence from power-on to data upload typically takes 10-20 seconds, with network registration being the longest step (30-60 seconds in weak signal areas).
Power Optimization combines ESP32 deep sleep (10 microamps) with SIM7000 PSM (5 microamps) to achieve 15 microamps total system current, enabling 10-year battery life with 38,000 mAh D-cell batteries.
Data Plan Economics favor prepaid plans like 1NCE ($10 for 500MB/10 years) for low-data applications, while pay-as-you-go providers suit variable usage patterns. A 100-byte payload every 30 minutes consumes only 1.75 MB/year.
Troubleshooting Diagnostics rely on key AT commands: AT+CSQ for signal quality (aim for >15), AT+CPIN? for SIM status, AT+CREG? for network registration, and AT+CGACT? for PDP context activation.
Common Pitfall Avoidance requires designing for constrained bandwidth (under 1 KB payloads) and intermittent connectivity, not smartphone-style always-on connections. Misunderstanding this causes cost overruns exceeding 3,500%.

23.12 Knowledge Check

Auto-Gradable Quick Check

Match: Cellular IoT Implementation Concepts

Order: Cellular IoT Module Bring-Up Sequence

23.13 Concept Relationships

How This Connects

Builds on:

Cellular IoT Fundamentals - NB-IoT vs LTE-M technical specs inform module selection
Cellular IoT Applications - Real-world use cases define hardware requirements

Implements:

MQTT and CoAP protocols using AT commands over cellular
Cellular IoT Power Optimization - PSM/eDRX configuration in firmware

Extends to:

NB-IoT Labs - Deep dive into NB-IoT-specific configuration
Cellular IoT Deployment Planning - Applies implementation knowledge to field deployments

23.14 See Also

Related Resources

Module Datasheets:

SIMCom SIM7000 Series - NB-IoT/LTE-M dual-mode module documentation
Quectel BG96 - Quad-band LTE-M/NB-IoT with GNSS
u-blox SARA-R5 - Global LTE-M/NB-IoT module

Development Boards:

LilyGO T-SIM7000G - ESP32 + SIM7000 integrated board
Botletics SIM7000 Shield - Arduino-compatible cellular shield
Adafruit FONA 3G - Beginner-friendly cellular module

AT Command References:

SIM7000 Series AT Command Manual - Complete AT command reference
Quectel AT Commands Guide - Comprehensive AT command documentation

Code Libraries:

TinyGSM - Universal AT command library for Arduino/ESP32
MQTT Client for SIM7000 - MQTT over cellular example code

23.15 Try It Yourself

Hands-On Challenge

Task: Build and test a cellular IoT sensor that reports to the cloud.

Hardware Needed:

ESP32 development board
SIM7000 cellular module (or BG96)
IoT SIM card (1NCE, Hologram, or carrier SIM)
LiPo battery (3.7V, 2000+ mAh)
DHT22 temperature/humidity sensor
External LTE antenna

Challenge Steps:

1. Hardware Assembly

Wire SIM7000 to ESP32 hardware serial (TX→16, RX→17)
Connect LiPo battery to SIM7000 VBAT (add 1000µF capacitor)
Attach external antenna to SIM7000 antenna connector
Wire DHT22 sensor to ESP32 GPIO pin

2. Basic Connectivity Test Write Arduino code to: - Power on module with PWR_KEY - Check SIM card status (AT+CPIN?) - Register on network (AT+CREG?) - Get signal quality (AT+CSQ) and log RSSI - Activate PDP context (AT+CGACT=1,1) - Get IP address (AT+CGPADDR=1)

3. Sensor Data Transmission Extend code to: - Read DHT22 temperature and humidity every 5 minutes - Format data as JSON: {"temp":23.5,"humidity":60.2,"device":"ESP32-001"} - Send via HTTP POST to ThingSpeak or your cloud endpoint - Enter PSM sleep mode between transmissions

4. Power Optimization Measure and optimize: - Baseline current during transmission: _____ mA - PSM sleep current: _____ µA - Calculated battery life with 2000 mAh battery: _____ days - Target: Achieve >30 days on single charge

5. Troubleshooting Exercise Deliberately introduce these faults and diagnose: - Remove antenna → Should see AT+CSQ return low RSSI - Wrong APN → AT+CGACT=1,1 fails - Insufficient power → Module resets during transmission - Use your diagnostic script to identify each fault

Expected Learning Outcomes:

Understand AT command flow from power-on to data transmission
Experience real network registration delays (30-60s)
Learn to interpret signal quality and coverage issues
Calculate actual power consumption vs theoretical
Build troubleshooting intuition for field deployments

Bonus Challenge:

Implement MQTT instead of HTTP for persistent connection
Add geofencing alerts using GPS coordinates
Create a dashboard to visualize sensor data over time
Optimize payload size to minimize data costs (<100 bytes/message)

Common Pitfalls

1. Not Implementing AT Command Flow Control

Sending AT commands to cellular modems without hardware flow control (RTS/CTS) or software flow control (XON/XOFF) causes buffer overflows on high-speed UART at rates >115200 baud. Buffer overflow results in corrupted AT responses, missed URCs (Unsolicited Result Codes), and modem unresponsiveness. Always configure UART hardware flow control and implement a command queue with response timeout of at least 300 ms for standard AT commands.

2. Assuming Immediate Registration After Power-Up

Cellular modems require 5–60 seconds to complete network registration after power-up, depending on signal strength, coverage class, and PLMN selection. Firmware that sends data immediately after modem initialization without checking AT+CEREG registration status will fail silently. Poll AT+CEREG every 2 seconds with a 90-second timeout; fall back to restarting the modem if registration fails within the timeout period.

3. Using TCP for All Cellular IoT Communication

TCP’s three-way handshake, ACK overhead, and keep-alive traffic consume significant data on metered cellular plans. A TCP connection with 10-second keep-alive generates 1,440 packets/day of pure overhead — using ~7 MB/month on a device with a 10 MB data plan. Use UDP + application-layer acknowledgment (CoAP confirmable, MQTT-SN with QoS 1) for short sensor messages; reserve TCP for high-reliability command channels where session continuity is needed.

4. Hardcoding Carrier APN Settings

APN settings vary by carrier, country, and M2M vs consumer plan. Hardcoding a specific APN (e.g., “m2m.verizon.com”) means the device fails on a different carrier or when the user changes carriers via eSIM. Store APN settings in non-volatile configuration, allow runtime modification via device management protocol (LwM2M object /11/0/1), and provide a fallback discovery mechanism (try known APNs in order if user-configured APN fails).

23.16 What’s Next

Chapter	Focus	Link
Cellular IoT Comprehensive Review	NB-IoT vs LTE-M comparison, network architecture review	cellular-iot-comprehensive-review.html
NB-IoT Labs and Implementation	Hands-on NB-IoT module configuration and testing	nb-iot-labs-and-implementation.html
Cellular IoT Power Optimization	PSM/eDRX timer configuration, signaling optimization	cellular-iot-power-optimization.html
Cellular IoT Deployment Planning	Coverage analysis, carrier selection, field deployment	cellular-iot-deployment-planning.html
Cellular IoT Applications	Real-world use cases: smart metering, fleet tracking, agriculture	cellular-iot-applications.html

In the next chapter, Cellular IoT Comprehensive Review, we compare NB-IoT vs LTE-M in depth, explore network architecture, and review quiz questions to solidify your understanding.