Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
714
Views
0
Helpful
3
Replies

Isr4321 version 16.9 can't nomal work with dual wan

fishlonely
Level 1
Level 1

‎06-21-2020 04:48 AM

when the dialer up again  , the lan can't access the internet  . when the dialer is down ,the lan can access the internet

 

config:

    

Building configuration...


Current configuration : 44882 bytes
!
! Last configuration change at 17:55:52 CST Sun Jun 21 2020 by cisco
!
version 16.9
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
platform qfp utilization monitor load 80
no platform punt-keepalive disable-kernel-core
!
hostname ciscoRT
!
boot-start-marker
boot system bootflash:isr4300-universalk9.16.09.04.SPA.bin
boot system bootflash:isr4300-universalk9.03.16.04b.S.155-3.S4b-ext.SPA.bin
boot-end-marker
!
!
vrf definition Mgmt-intf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
logging buffered 64000
enable secret 5 $1$h9lx$ZeMfms0rmjHvLCVem/SqV.
enable password 07502628LLZep
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local
!
!
aaa login success-track-conf-time 1
!
!
!
!
aaa session-id common
clock timezone CST 8 0
!
!
!
!
!
!
login on-success log
!
!
!
!
!
!
!
subscriber templating
!
!
!
!
!
multilink bundle-name authenticated
vpdn enable
!
!
!
!
!
license udi pid ISR4321/K9 sn FDO225000UH
license accept end user agreement
license boot level appxk9
no license smart enable
diagnostic bootup level minimal
!
spanning-tree extend system-id
!
!
!
username cisco privilege 15 password 0 07502628LLZln
username webui privilege 15 password 0 cisco
username admin privilege 15 password 0 123libAdmin
!
redundancy
mode none
!
!
!
!
!
!
track 1 ip sla 1 reachability
!
track 2 ip sla 2 reachability
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface GigabitEthernet0/0/0
ip address 192.168.108.1 255.255.255.0
ip nat inside
ip access-group 195 in
negotiation auto
!
interface GigabitEthernet0/0/1
no ip address
negotiation auto
!
interface GigabitEthernet0/0/1.900
encapsulation dot1Q 900
pppoe enable group global
pppoe-client dial-pool-number 1
!
interface GigabitEthernet0/0/1.1000
encapsulation dot1Q 1000
ip address 192.168.1.254 255.255.255.0
ip nat outside
!
interface GigabitEthernet0
vrf forwarding Mgmt-intf
no ip address
shutdown
negotiation auto
!
interface Dialer1
ip address negotiated
ip nat outside
ip access-group 188 out
encapsulation ppp
ip tcp adjust-mss 1400
shutdown
dialer pool 1
dialer idle-timeout 0
dialer persistent
dialer-group 1
no cdp enable
ppp authentication pap callin
ppp pap sent-username 059406012606 password 0 139713
ppp ipcp route default
ip virtual-reassembly
!
router rip
version 1
network 192.168.0.0
no auto-summary
!
ip forward-protocol nd
ip ftp source-interface GigabitEthernet0/0/0
ip http server
ip http authentication aaa
ip http secure-server
ip tftp source-interface GigabitEthernet0/0/0
ip dns server
ip nat inside source route-map v1000-1 interface GigabitEthernet0/0/1.1000 overload
ip nat inside source route-map v1000-2 interface Dialer1 overload
ip nat inside source route-map v900-1 interface GigabitEthernet0/0/1.1000 overload
ip nat inside source route-map v900-2 interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 Dialer1 track 1
ip route 0.0.0.0 0.0.0.0 192.168.1.1 200
ip route 192.168.0.0 255.255.0.0 GigabitEthernet0/0/0
ip route 192.168.109.0 255.255.255.0 192.168.108.108
ip route 192.168.128.0 255.255.255.0 192.168.108.135
ip route 192.168.128.0 255.255.255.0 GigabitEthernet0/0/0
!
!
!
ip access-list standard EPC
permit any
!
ip access-list extended lan1
permit ip 192.168.108.0 0.0.0.255 any
ip access-list extended lan2
permit ip 192.168.108.0 0.0.0.255 any
ip sla 1
icmp-echo 114.114.114.114 source-interface Dialer1
frequency 10
ip sla schedule 1 life forever start-time now
ip sla 2
icmp-echo 114.114.115.115 source-interface Dialer1
frequency 10
ip sla schedule 2 life forever start-time now
ip access-list extended 100
permit icmp 192.168.108.0 0.0.0.255 any
permit tcp 192.168.108.0 0.0.0.255 any
permit udp 192.168.108.0 0.0.0.255 any
ip access-list extended 101
permit ip 192.168.108.0 0.0.0.255 any
ip access-list extended 102
permit ip 192.168.108.0 0.0.0.255 any

dialer-list 1 protocol ip permit
arp 192.168.108.1 0029.c2d0.be20 ARPA
arp 192.168.108.254 d478.9bce.0a2b ARPA
!
!
route-map yd-1 permit 10
match ip address 101
match interface GigabitEthernet0/0/1.1000
!
route-map lt-1 permit 10
match ip address 102
match interface GigabitEthernet0/0/1.1000
!
route-map lt permit 10
match ip address 102 101
match interface Dialer1
!
route-map yd permit 10
match ip address 101 102
match interface Dialer1
!
route-map v900-2 permit 10
match ip address lan1
match interface Dialer1
!
route-map v900-1 permit 10
match ip address lan1
match interface GigabitEthernet0/0/1.1000
!
route-map v1000-2 permit 10
match ip address lan2
match interface Dialer1
!
route-map v1000-1 permit 10
match ip address lan2
match interface GigabitEthernet0/0/1.1000
!
!
!
!
!
control-plane
!
!
line con 0
password 07502628LLZln
logging synchronous
transport input none
stopbits 1
line aux 0
stopbits 1
line vty 0
password 07502628LLZvt
length 0
transport input ssh
line vty 1 4
password 07502628LLZtm
!
ntp master
ntp server 0.us.pool.ntp.org
ntp server 1.us.pool.ntp.org
ntp server 2.us.pool.ntp.org
time-range NormalRange
periodic daily 22:00 to 23:59
periodic daily 0:00 to 10:00
!
time-range timeRangeDeepNight
periodic daily 0:00 to 3:00
periodic daily 22:00 to 23:59
!
time-range timeRangeMidRest
periodic daily 20:30 to 21:05
!
time-range timeRangeTotalBanChengPad
periodic daily 0:00 to 19:45
periodic daily 21:45 to 23:59
!
time-range totalRange
periodic daily 0:00 to 23:59
!
!
!
!
!
!
end

Labels:
0 Helpful
3 Replies 3

Georg Pauwen
VIP
VIP

‎06-21-2020 09:03 AM

Hello,

 

there is a lot of redundant stuff in your configuration, which I removed. Make sure your config looks like the one below, and test again:

 

Current configuration : 44882 bytes
!
! Last configuration change at 17:55:52 CST Sun Jun 21 2020 by cisco
!
version 16.9
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
platform qfp utilization monitor load 80
no platform punt-keepalive disable-kernel-core
!
hostname ciscoRT
!
boot-start-marker
boot system bootflash:isr4300-universalk9.16.09.04.SPA.bin
boot system bootflash:isr4300-universalk9.03.16.04b.S.155-3.S4b-ext.SPA.bin
boot-end-marker
!
!
vrf definition Mgmt-intf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
logging buffered 64000
enable secret 5 $1$h9lx$ZeMfms0rmjHvLCVem/SqV.
enable password 07502628LLZep
!
aaa new-model
!
aaa authentication login default local
aaa authorization exec default local
!
aaa login success-track-conf-time 1
!
aaa session-id common
clock timezone CST 8 0
!
login on-success log
!
subscriber templating
!
multilink bundle-name authenticated
vpdn enable
!
license udi pid ISR4321/K9 sn FDO225000UH
license accept end user agreement
license boot level appxk9
no license smart enable
diagnostic bootup level minimal
!
spanning-tree extend system-id
!
username cisco privilege 15 password 0 07502628LLZln
username webui privilege 15 password 0 cisco
username admin privilege 15 password 0 123libAdmin
!
redundancy
mode none
!
track 1 ip sla 1 reachability
!
interface GigabitEthernet0/0/0
ip address 192.168.108.1 255.255.255.0
ip nat inside
ip access-group 195 in
negotiation auto
!
interface GigabitEthernet0/0/1
no ip address
negotiation auto
!
interface GigabitEthernet0/0/1.900
encapsulation dot1Q 900
pppoe enable group global
pppoe-client dial-pool-number 1
!
interface GigabitEthernet0/0/1.1000
encapsulation dot1Q 1000
ip address 192.168.1.254 255.255.255.0
ip nat outside
!
interface GigabitEthernet0
vrf forwarding Mgmt-intf
no ip address
shutdown
negotiation auto
!
interface Dialer1
ip address negotiated
ip nat outside
ip access-group 188 out
encapsulation ppp
ip tcp adjust-mss 1400
dialer pool 1
dialer idle-timeout 0
dialer persistent
dialer-group 1
no cdp enable
ppp authentication pap callin
ppp pap sent-username 059406012606 password 0 139713
ppp ipcp route default
ip virtual-reassembly
!
router rip
version 1
network 192.168.0.0
no auto-summary
!
ip forward-protocol nd
ip ftp source-interface GigabitEthernet0/0/0
ip http server
ip http authentication aaa
ip http secure-server
ip tftp source-interface GigabitEthernet0/0/0
ip dns server
!
ip nat inside source route-map v900-1 interface GigabitEthernet0/0/1.1000 overload
ip nat inside source route-map v900-2 interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 Dialer1 track 1
ip route 0.0.0.0 0.0.0.0 192.168.1.1 200
iip route 192.168.109.0 255.255.255.0 192.168.108.108
ip route 192.168.128.0 255.255.255.0 192.168.108.135
ip route 192.168.128.0 255.255.255.0 GigabitEthernet0/0/0
!
ip access-list extended lan1
permit ip 192.168.108.0 0.0.0.255 any
!
ip sla 1
icmp-echo 114.114.114.114 source-interface Dialer1
frequency 10
ip sla schedule 1 life forever start-time now
!
dialer-list 1 protocol ip permit
arp 192.168.108.1 0029.c2d0.be20 ARPA
arp 192.168.108.254 d478.9bce.0a2b ARPA
!
route-map v900-2 permit 10
match ip address lan1
match interface Dialer1
!
route-map v900-1 permit 10
match ip address lan1
match interface GigabitEthernet0/0/1.1000
!
control-plane
!
line con 0
password 07502628LLZln
logging synchronous
transport input none
stopbits 1
line aux 0
stopbits 1
line vty 0
password 07502628LLZvt
length 0
transport input ssh
line vty 1 4
password 07502628LLZtm
!
ntp master
ntp server 0.us.pool.ntp.org
ntp server 1.us.pool.ntp.org
ntp server 2.us.pool.ntp.org
!
end

0 Helpful

fishlonely
Level 1
Level 1
In response to Georg Pauwen

‎06-21-2020 04:39 PM

hi,thank you 

  you remove this  "  ip nat inside source route-map v1000-1 interface GigabitEthernet0/0/1.1000 overload
                              ip nat inside source route-map v1000-2 interface Dialer1 overload"

i configed this ,but  the situation remains unchanged.

0 Helpful

Georg Pauwen
VIP
VIP
In response to fishlonely

‎06-21-2020 11:07 PM

Hello,

 

post the current full running configuration again with the changes you have made...

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card