cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
665
Views
0
Helpful
3
Replies

Isr4321 version 16.9 can't nomal work with dual wan

fishlonely
Level 1
Level 1

when the dialer up again  , the lan can't access the internet  . when the dialer is down ,the lan can access the internet

 

config:

    

Building configuration...


Current configuration : 44882 bytes
!
! Last configuration change at 17:55:52 CST Sun Jun 21 2020 by cisco
!
version 16.9
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
platform qfp utilization monitor load 80
no platform punt-keepalive disable-kernel-core
!
hostname ciscoRT
!
boot-start-marker
boot system bootflash:isr4300-universalk9.16.09.04.SPA.bin
boot system bootflash:isr4300-universalk9.03.16.04b.S.155-3.S4b-ext.SPA.bin
boot-end-marker
!
!
vrf definition Mgmt-intf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
logging buffered 64000
enable secret 5 $1$h9lx$ZeMfms0rmjHvLCVem/SqV.
enable password 07502628LLZep
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local
!
!
aaa login success-track-conf-time 1
!
!
!
!
aaa session-id common
clock timezone CST 8 0
!
!
!
!
!
!
login on-success log
!
!
!
!
!
!
!
subscriber templating
!
!
!
!
!
multilink bundle-name authenticated
vpdn enable
!
!
!
!
!
license udi pid ISR4321/K9 sn FDO225000UH
license accept end user agreement
license boot level appxk9
no license smart enable
diagnostic bootup level minimal
!
spanning-tree extend system-id
!
!
!
username cisco privilege 15 password 0 07502628LLZln
username webui privilege 15 password 0 cisco
username admin privilege 15 password 0 123libAdmin
!
redundancy
mode none
!
!
!
!
!
!
track 1 ip sla 1 reachability
!
track 2 ip sla 2 reachability
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface GigabitEthernet0/0/0
ip address 192.168.108.1 255.255.255.0
ip nat inside
ip access-group 195 in
negotiation auto
!
interface GigabitEthernet0/0/1
no ip address
negotiation auto
!
interface GigabitEthernet0/0/1.900
encapsulation dot1Q 900
pppoe enable group global
pppoe-client dial-pool-number 1
!
interface GigabitEthernet0/0/1.1000
encapsulation dot1Q 1000
ip address 192.168.1.254 255.255.255.0
ip nat outside
!
interface GigabitEthernet0
vrf forwarding Mgmt-intf
no ip address
shutdown
negotiation auto
!
interface Dialer1
ip address negotiated
ip nat outside
ip access-group 188 out
encapsulation ppp
ip tcp adjust-mss 1400
shutdown
dialer pool 1
dialer idle-timeout 0
dialer persistent
dialer-group 1
no cdp enable
ppp authentication pap callin
ppp pap sent-username 059406012606 password 0 139713
ppp ipcp route default
ip virtual-reassembly
!
router rip
version 1
network 192.168.0.0
no auto-summary
!
ip forward-protocol nd
ip ftp source-interface GigabitEthernet0/0/0
ip http server
ip http authentication aaa
ip http secure-server
ip tftp source-interface GigabitEthernet0/0/0
ip dns server
ip nat inside source route-map v1000-1 interface GigabitEthernet0/0/1.1000 overload
ip nat inside source route-map v1000-2 interface Dialer1 overload
ip nat inside source route-map v900-1 interface GigabitEthernet0/0/1.1000 overload
ip nat inside source route-map v900-2 interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 Dialer1 track 1
ip route 0.0.0.0 0.0.0.0 192.168.1.1 200
ip route 192.168.0.0 255.255.0.0 GigabitEthernet0/0/0
ip route 192.168.109.0 255.255.255.0 192.168.108.108
ip route 192.168.128.0 255.255.255.0 192.168.108.135
ip route 192.168.128.0 255.255.255.0 GigabitEthernet0/0/0
!
!
!
ip access-list standard EPC
permit any
!
ip access-list extended lan1
permit ip 192.168.108.0 0.0.0.255 any
ip access-list extended lan2
permit ip 192.168.108.0 0.0.0.255 any
ip sla 1
icmp-echo 114.114.114.114 source-interface Dialer1
frequency 10
ip sla schedule 1 life forever start-time now
ip sla 2
icmp-echo 114.114.115.115 source-interface Dialer1
frequency 10
ip sla schedule 2 life forever start-time now
ip access-list extended 100
permit icmp 192.168.108.0 0.0.0.255 any
permit tcp 192.168.108.0 0.0.0.255 any
permit udp 192.168.108.0 0.0.0.255 any
ip access-list extended 101
permit ip 192.168.108.0 0.0.0.255 any
ip access-list extended 102
permit ip 192.168.108.0 0.0.0.255 any

dialer-list 1 protocol ip permit
arp 192.168.108.1 0029.c2d0.be20 ARPA
arp 192.168.108.254 d478.9bce.0a2b ARPA
!
!
route-map yd-1 permit 10
match ip address 101
match interface GigabitEthernet0/0/1.1000
!
route-map lt-1 permit 10
match ip address 102
match interface GigabitEthernet0/0/1.1000
!
route-map lt permit 10
match ip address 102 101
match interface Dialer1
!
route-map yd permit 10
match ip address 101 102
match interface Dialer1
!
route-map v900-2 permit 10
match ip address lan1
match interface Dialer1
!
route-map v900-1 permit 10
match ip address lan1
match interface GigabitEthernet0/0/1.1000
!
route-map v1000-2 permit 10
match ip address lan2
match interface Dialer1
!
route-map v1000-1 permit 10
match ip address lan2
match interface GigabitEthernet0/0/1.1000
!
!
!
!
!
control-plane
!
!
line con 0
password 07502628LLZln
logging synchronous
transport input none
stopbits 1
line aux 0
stopbits 1
line vty 0
password 07502628LLZvt
length 0
transport input ssh
line vty 1 4
password 07502628LLZtm
!
ntp master
ntp server 0.us.pool.ntp.org
ntp server 1.us.pool.ntp.org
ntp server 2.us.pool.ntp.org
time-range NormalRange
periodic daily 22:00 to 23:59
periodic daily 0:00 to 10:00
!
time-range timeRangeDeepNight
periodic daily 0:00 to 3:00
periodic daily 22:00 to 23:59
!
time-range timeRangeMidRest
periodic daily 20:30 to 21:05
!
time-range timeRangeTotalBanChengPad
periodic daily 0:00 to 19:45
periodic daily 21:45 to 23:59
!
time-range totalRange
periodic daily 0:00 to 23:59
!
!
!
!
!
!
end

3 Replies 3

Hello,

 

there is a lot of redundant stuff in your configuration, which I removed. Make sure your config looks like the one below, and test again:

 

Current configuration : 44882 bytes
!
! Last configuration change at 17:55:52 CST Sun Jun 21 2020 by cisco
!
version 16.9
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
platform qfp utilization monitor load 80
no platform punt-keepalive disable-kernel-core
!
hostname ciscoRT
!
boot-start-marker
boot system bootflash:isr4300-universalk9.16.09.04.SPA.bin
boot system bootflash:isr4300-universalk9.03.16.04b.S.155-3.S4b-ext.SPA.bin
boot-end-marker
!
!
vrf definition Mgmt-intf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
logging buffered 64000
enable secret 5 $1$h9lx$ZeMfms0rmjHvLCVem/SqV.
enable password 07502628LLZep
!
aaa new-model
!
aaa authentication login default local
aaa authorization exec default local
!
aaa login success-track-conf-time 1
!
aaa session-id common
clock timezone CST 8 0
!
login on-success log
!
subscriber templating
!
multilink bundle-name authenticated
vpdn enable
!
license udi pid ISR4321/K9 sn FDO225000UH
license accept end user agreement
license boot level appxk9
no license smart enable
diagnostic bootup level minimal
!
spanning-tree extend system-id
!
username cisco privilege 15 password 0 07502628LLZln
username webui privilege 15 password 0 cisco
username admin privilege 15 password 0 123libAdmin
!
redundancy
mode none
!
track 1 ip sla 1 reachability
!
interface GigabitEthernet0/0/0
ip address 192.168.108.1 255.255.255.0
ip nat inside
ip access-group 195 in
negotiation auto
!
interface GigabitEthernet0/0/1
no ip address
negotiation auto
!
interface GigabitEthernet0/0/1.900
encapsulation dot1Q 900
pppoe enable group global
pppoe-client dial-pool-number 1
!
interface GigabitEthernet0/0/1.1000
encapsulation dot1Q 1000
ip address 192.168.1.254 255.255.255.0
ip nat outside
!
interface GigabitEthernet0
vrf forwarding Mgmt-intf
no ip address
shutdown
negotiation auto
!
interface Dialer1
ip address negotiated
ip nat outside
ip access-group 188 out
encapsulation ppp
ip tcp adjust-mss 1400
dialer pool 1
dialer idle-timeout 0
dialer persistent
dialer-group 1
no cdp enable
ppp authentication pap callin
ppp pap sent-username 059406012606 password 0 139713
ppp ipcp route default
ip virtual-reassembly
!
router rip
version 1
network 192.168.0.0
no auto-summary
!
ip forward-protocol nd
ip ftp source-interface GigabitEthernet0/0/0
ip http server
ip http authentication aaa
ip http secure-server
ip tftp source-interface GigabitEthernet0/0/0
ip dns server
!
ip nat inside source route-map v900-1 interface GigabitEthernet0/0/1.1000 overload
ip nat inside source route-map v900-2 interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 Dialer1 track 1
ip route 0.0.0.0 0.0.0.0 192.168.1.1 200
iip route 192.168.109.0 255.255.255.0 192.168.108.108
ip route 192.168.128.0 255.255.255.0 192.168.108.135
ip route 192.168.128.0 255.255.255.0 GigabitEthernet0/0/0
!
ip access-list extended lan1
permit ip 192.168.108.0 0.0.0.255 any
!
ip sla 1
icmp-echo 114.114.114.114 source-interface Dialer1
frequency 10
ip sla schedule 1 life forever start-time now
!
dialer-list 1 protocol ip permit
arp 192.168.108.1 0029.c2d0.be20 ARPA
arp 192.168.108.254 d478.9bce.0a2b ARPA
!
route-map v900-2 permit 10
match ip address lan1
match interface Dialer1
!
route-map v900-1 permit 10
match ip address lan1
match interface GigabitEthernet0/0/1.1000
!
control-plane
!
line con 0
password 07502628LLZln
logging synchronous
transport input none
stopbits 1
line aux 0
stopbits 1
line vty 0
password 07502628LLZvt
length 0
transport input ssh
line vty 1 4
password 07502628LLZtm
!
ntp master
ntp server 0.us.pool.ntp.org
ntp server 1.us.pool.ntp.org
ntp server 2.us.pool.ntp.org
!
end

hi,thank you 

  you remove this  "  ip nat inside source route-map v1000-1 interface GigabitEthernet0/0/1.1000 overload
                              ip nat inside source route-map v1000-2 interface Dialer1 overload"

i configed this ,but  the situation remains unchanged.

Hello,

 

post the current full running configuration again with the changes you have made...

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: