02-06-2023 03:59 PM - last edited on 02-08-2023 10:19 PM by Translator
Hello
I'm a home/small office user with a cisco router C1121X-8PLTEP.
Problem: Primary WAN configuration in WebUi shows un-configured when I edit config via CLI and update the default route.
Interface GigabitEthernet0/0/1 is configured as the WAN interface and is connected via ethernet to a fibre to the curb modem. GigabitEthernet0/0/1 gets its IP via DHCP from the modem. This works ok.
When configuring the C1121X using the WebUi you can toggle the config for GigabitEthernet0/0/1 to be LAN or WAN.
WebUi WAN configuration results in the Primary WAN being recognised as configured, and a default route that does not allow connectivity to the internet.
ip nat inside source route-map track-primary-if interface GigabitEthernet0/0/1 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/1
If I edit the configuration via CLI and modify the default route, then connection to the internet works OK, but the Primary WAN configuration status in the WebUi changes to not configured.
ip nat inside source route-map track-primary-if interface GigabitEthernet0/0/1 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/1 dhcp
This appears to be a cosmetic issue, but what might a different CLI configuration be that would allow me to keep the WebUi automatically created default route so the Primary WAN stays green?
Suggestions welcome.
Solved! Go to Solution.
02-07-2023 01:07 AM
This is an interesting situation. I do not have experience with this platform and do not have any suggestion of what you could do for a solution but believe that I can shed some light on the issue. A static route which specifies an outbound interface with no additional parameters can be problematic when the outbound interface is Ethernet. One of the potential issues is that this configuration requires that the router arp for every remote destination. This requires that the next hop device implements proxy arp. It sounds like your ISP does not support proxy arp (there are some ISP who do not support proxy arp because of the security implications and it seems that your ISP is one of them). Your manual config makes it work but the GUI does not recognize it. I would hope that Cisco would recognize the flaw in their GUI and change it.
02-07-2023 01:07 AM
This is an interesting situation. I do not have experience with this platform and do not have any suggestion of what you could do for a solution but believe that I can shed some light on the issue. A static route which specifies an outbound interface with no additional parameters can be problematic when the outbound interface is Ethernet. One of the potential issues is that this configuration requires that the router arp for every remote destination. This requires that the next hop device implements proxy arp. It sounds like your ISP does not support proxy arp (there are some ISP who do not support proxy arp because of the security implications and it seems that your ISP is one of them). Your manual config makes it work but the GUI does not recognize it. I would hope that Cisco would recognize the flaw in their GUI and change it.
02-08-2023 03:11 PM
Thanks Richard, The answer does not resolve the issue, but your guidance is appreciated.
There is a new version of the ios available, I'll make plans to update soon and see if that fixes the webgui issue. If it does I'll report back here.
04-20-2023 11:31 PM
@juddcharles I have a cisco C1111-4P ISR and have experienced the same. I tried adding the upstream gateway as the next hop
04-20-2023 11:51 PM - edited 04-20-2023 11:56 PM
I think the secret to this problem is understanding what the status WAN check is actually looking for before it will go green. i don't know the answer to this.
I never did get this cosmetic problem resolved.
When making changes to the router, I try to avoid using the web gui now as I simply don't trust it.
Using the web gui also seems to make a mess of zone based firewall application/layer 7 inspection rules.
i.e.: if editing interface GigabitEthernet0/0/1 using the web gui and saving the changes, my preferred default route get's over written and i loose WAN connectivity again. If I add "block youtube" as an application block, remove the change, then re-add I get odd behaviour or missing nbar entry error messages thrown up, but I can see the entry in the nbar list.
I'm not convinced this is a mature product for small business (when using the web gui). I like what is offers. but it is not well or robustly executed.
I've resigned myself to just using the CLI for config management. Time consuming but reliable.
Using the CLI for all configuration has been bullet proof.
04-22-2023 01:52 AM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide