Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
298
Views
0
Helpful
3
Replies

Cisco 881 Router failing web traffic to some websites

Go to solution
adaptableit
Level 1
Level 1

‎12-22-2015 04:16 PM - edited ‎03-05-2019 02:59 AM

We're moving a client from multiple ADSLs to an EoC connection

Using this new connection, most websites work, however some of the big ones don't. cisco.com is fine, so is google.com, Microsoft.com etc.

amazon.com goes to a blank page, speedtest.net can be pinged and tracert however browsing to it fails (as it rediects to another site). Some pages show only the text, as the graphics are located elsewhere. 

This  looks like its going to be a simple setting missing, though it's got me stumped, so appreciate any help.

Thanks

__________________________________________________________


SLH#show running-config
Building configuration...

Current configuration : 4024 bytes
!
! Last configuration change at 01:51:34 UTC Tue Dec 22 2015
version 15.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname SLH
!
boot-start-marker
boot-end-marker
!
aqm-register-fnf
!
enable secret 5 ---------------------------------------------------
enable password --------------------------------
!
no aaa new-model
!
crypto pki trustpoint TP-self-signed-2519873192
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-2519873192
 revocation-check none
 rsakeypair TP-self-signed-2519873192
!
!
crypto pki certificate chain TP-self-signed-2519873192
 certificate self-signed 01
  3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
  69666963 6174652D 32353139 38373331 3932301E 170D3135 31323037 30323031
  35365A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 35313938
  37333139 3230819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
  8100C560 03623847 FC1DCA47 CAC4FD91 3786D271 4FB42CFF 777E727D 50DD8952
  98DC5272 57973E95 C4B3DE7F 86EC9EA4 83519FA8 EEEB1119 EFF0DEBD 4EB8EDFA
  B7987CF2 6DD7BBCF 384CFE8F C4D158E5 F6CCE522 9CF04A34 6557AC68 F0EEDF9A
  A5C0A4B2 61B202EF 8F3A282A 84E2C87F CA1CAAE3 203C647A 1E57DA00 B00A6F33
  05E30203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603
  551D2304 18301680 14867BA4 06DF8511 84A82EA9 DF37394D 60CF949E 36301D06
  03551D0E 04160414 867BA406 DF851184 A82EA9DF 37394D60 CF949E36 300D0609
  2A864886 F70D0101 05050003 818100AB 051F418E 27C28BD0 C6F2D932 BC36C833
  1E797030 0CF7D5AC 70713CF5 16475712 A9A8DC74 D8D5F034 885DCD0A 2AFD03A3
  53148ABF 3E087895 78C45AC3 39890990 D45AD283 8A364855 5C5348F2 9F9033B7
  A7D806C3 F243E3B1 EDF2A136 59E8BEB1 C61CA006 58B70E33 1998420C E93CB4B2
  799D98ED 3F8AF0C9 2490126C 0738C3
        quit
!
!
!
!

!
ip dhcp excluded-address 203.213.79.139 203.213.79.142
ip dhcp excluded-address 203.213.79.137
!
ip dhcp pool myDHCPPool
 network 203.213.79.136 255.255.255.248
 default-router 203.213.79.137
 dns-server 8.8.8.8
!
!
!
ip cef
no ipv6 cef
!
!
!
!
!
multilink bundle-name authenticated
vpdn enable
!
vpdn-group 1
!
!
!
!
!
!
!
!
license udi pid C881-K9 sn FGL194422UA
!
!
username Admin privilege 15 secret 5 -------------------------------------------
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0
 no ip address
!
interface FastEthernet1
 no ip address
!
interface FastEthernet2
 no ip address
 shutdown
!
interface FastEthernet3
 no ip address
!
interface FastEthernet4
 ip address 120.88.168.178 255.255.255.252
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
 pppoe enable group global
 pppoe-client dial-pool-number 1
!
interface Vlan1
 ip address 203.213.79.137 255.255.255.248
!
interface Dialer1
 ip address negotiated
 ip nat outside
 ip virtual-reassembly in
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ppp authentication pap callin
 ppp pap sent-username wat160502@pig.tpg.com.au password 0 160502wat
 ppp ipcp dns request
 ppp ipcp address accept
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
ip route 0.0.0.0 0.0.0.0 Dialer1
ip route 203.213.79.136 255.255.255.248 Vlan1
!
!
access-list 55 permit 203.12.160.5
access-list 55 permit 172.29.0.3
access-list 55 permit 172.29.0.4
access-list 55 permit 172.29.0.10
!
control-plane
!
!
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
!
!
!
!
line con 0
 no modem enable
line aux 0
line vty 0 4
 privilege level 15
 password ----------------------------------------------------
 login local
 transport input telnet ssh
 transport output telnet ssh
line vty 5 15
 privilege level 15
 login local
 transport input telnet ssh
 transport output telnet ssh
!
scheduler allocate 20000 1000
!
end
SLH#

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Philip D'Ath
VIP Alumni
VIP Alumni

‎12-22-2015 07:50 PM

You have gone from a circuit with a 1500 byte MTU to a 1492 byte MTU.  Make some adjustments like:

int vlan 1

  ip tcp adjust-mss 1400

interface Dialer1

  mtu 1492

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Philip D'Ath
VIP Alumni
VIP Alumni

‎12-22-2015 07:50 PM

You have gone from a circuit with a 1500 byte MTU to a 1492 byte MTU.  Make some adjustments like:

int vlan 1

  ip tcp adjust-mss 1400

interface Dialer1

  mtu 1492

0 Helpful

Go to solution
adaptableit
Level 1
Level 1
In response to Philip D'Ath

‎12-22-2015 07:57 PM

Thanks for the tip, I'll give it a go. How did you pick that from the config? I can't see 1500 or 1492 in there at all

0 Helpful

Go to solution
Philip D'Ath
VIP Alumni
VIP Alumni
In response to adaptableit

‎12-22-2015 08:01 PM

A lot of ADSL configs use an MTU of 1500, so there is nothing to configure.

PPPoE (which I can see you using) has an 8 byte overhead.  You said you moved connections, so you just lost 8 bytes that you didn't used to.

This will mean if you try and download anything with a size between 1492 and 1500 the packet will now get dumped.  Some web servers do "black hole detection", so by their good management and a bit of luck you can see those sites.  Others use a permanently lower MSS to catch miss-configurations like this one.  Most don't, and you can't see those web sites.

However the best fix is not to rely on luck, and configure the correct MTU and do an MSS adjustment to catch the remaining issues.

If it works (and I think there is a pretty good chance) please mark my answer as correct.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card