Solved: Re: Random websites doesn't work

radu silviu-ionut · ‎08-27-2013

Greatings,

I have an

awkward

behaviour of a

CISCO 1921/K9

configured with WAN on a

PPPoE

Connection. Some websites, a few, does not load at all, but subdomains of the above not working website, DOES load (slower, but they do).

How come? I have no clue why. A colegue spoked with the ISP and said that sometime CISCO devs need to be configured with a higher cache!

Now, what kind of cache is it about?

here is my runnning conf:

gw01#sh run

Building configuration...







Current configuration : 5735 bytes

!

! No configuration change since last restart

version 15.1

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname gw01

!

boot-start-marker

boot-end-marker

!

!

logging buffered 51200 warnings

!

no aaa new-model

!

!

no ipv6 cef

ip source-route

ip cef

!

!

!

ip dhcp excluded-address 192.168.3.1

!

ip dhcp pool DSL_DHCP

network 192.168.3.0 255.255.255.0

default-router 192.168.3.1

dns-server 213.154.124.1 193.231.252.1

!

!

ip domain name mydomain.local

ip name-server 213.154.124.1

ip name-server 193.231.252.1

!

multilink bundle-name authenticated

!

crypto pki token default removal timeout 0

!

crypto pki trustpoint TP-self-signed-3660350312

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-3660350312

revocation-check none

rsakeypair TP-self-signed-3660350312

!

!

crypto pki certificate chain TP-self-signed-3660350312

certificate self-signed 01

  3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030

  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274

  69666963 6174652D 33363630 33353033 3132301E 170D3133 30383236 30373537

  31375A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649

  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 36363033

  35303331 3230819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281

  8100D1D6 3320C0F8 3B498654 4C395FAE C5E6C8B7 DD8602CA 5CB77F99 0DDDCBEF

  CE7D529E 607CFD6F 835A76C2 FDF177FB FFFCEFFF 5724F7CF 41AD3734 18E47CC3

  EFB3FE1B 0C94FD90 21482754 4A9EC532 8526F4C9 2BAF9ECD 7000D8B0 76722517

  16F5B991 1FEC6B74 A631FA63 877DB3C8 F86275CA C0B01EBD DC031A84 CD4F90DD

  35430203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603

  551D2304 18301680 14F1C5F3 A0AC712A 688AAA47 F97E5BB4 9141C410 C4301D06

  03551D0E 04160414 F1C5F3A0 AC712A68 8AAA47F9 7E5BB491 41C410C4 300D0609

  2A864886 F70D0101 05050003 8181000E 248E5FA3 0374D89D FBBCDFE3 D26A993E

  5659E560 F0DF6B5D CD23761F 8D9B6784 9F204D80 B1AC2A05 E4F72927 868E829C

  06B1CF3D 16898DC9 348A4DD9 18A4D307 F109E4C0 D91BC160 C84B1F6A 5004B6C0

  18E64577 40BCAF80 69184398 1AFD5DEE FE889E4B 7190B4E9 AA888195 79A8D450

  A9228CD9 EACBA6A0 EDDA85AF 40AC62

        quit

license udi pid CISCO1921/K9 sn FCZ163021Q6

!

!

username master privilege 15 secret 4 H3rE'l1_6e_+h3_p@5sw08D                                                                                        c

!

redundancy

!

!

!

!

!

!

!

!

!

!

!

interface Embedded-Service-Engine0/0

no ip address

shutdown

!

interface GigabitEthernet0/0

description DSL INT$ES_WAN$

no ip address

ip flow ingress

duplex auto

speed auto

pppoe enable group global

pppoe-client dial-pool-number 1

!

interface GigabitEthernet0/1

ip address 192.168.3.1 255.255.255.0

ip flow ingress

ip nat inside

ip virtual-reassembly in

duplex auto

speed auto

!

interface Dialer1

ip address negotiated

ip mtu 1492

ip nat outside

ip virtual-reassembly in

encapsulation ppp

dialer pool 1

ppp authentication chap pap callin

ppp chap hostname CRPTR208065987

ppp chap password 0 208065987

ppp pap sent-username CRPTR208065987 password 0 PASSWORD

!

ip forward-protocol nd

!

ip http server

ip http access-class 23

ip http authentication local

ip http secure-server

ip http timeout-policy idle 60 life 86400 requests 10000

!

ip nat inside source list DSL_ACC interface Dialer1 overload

ip route 0.0.0.0 0.0.0.0 Dialer1

!

ip access-list extended DSL_ACC

remark CCP_ACL Category=18

permit ip 192.168.3.0 0.0.0.255 any

!

!

!

!

!

!

!

control-plane

!

!

!

line con 0

login local

line aux 0

line 2

no activation-character

no exec

transport preferred none

transport input all

transport output pad telnet rlogin lapb-ta mop udptn v120 ssh

stopbits 1

line vty 0 4

access-class 23 in

privilege level 15

login local

transport input telnet ssh

line vty 5 15

access-class 23 in

privilege level 15

login local

transport input telnet ssh

!

scheduler allocate 20000 1000

end

Any help will be much apreciated! Thank you.

Mike Williams · ‎08-27-2013

For

PPPoE

you need to adjust the TCP maximum segment size. Under the LAN interface, enter the command

ip tcp adjust-mss 1452

Standard practice is to configure the mss as 40 bytes less than the MTU for Ethernet overhead.

Regards,
Mike

Sent from Cisco Technical Support Android App

View solution in original post

Seb Rupik · ‎08-27-2013

Hi,

There is nothing unusual about your config that would single out particular websites.

Are you running

IPv6

on your network? I have seen some cases where a browser will attempt an

IPv6

connection and just hang there. It is possible that the

sub-sites

do not have

AAAA DNS

records so your browser connects using

IPv4

Are you able to run a

packet capture

on your machine, filtering on destination address and port 80, to see what traffic is being generated.

What are the URLs of these websites; both the working and slow ones?

Can I also suggest you enable

service password-encryption

on your router.

cheers,

Seb.

radu silviu-ionut · ‎08-27-2013

Hi,

Thank you for your replay, Seb Rupik.

We run IP v4 in the LAN, no IP v6.

the sites that are not working:

www.microsoft.com, adobe.com, behance.com and some more.

this is not working

hotnews.ro, but forum.hotnews.ro

it does load.

Strange thing is that it hangs after the browser get a Status 200 respons from the remote web server on every website that doesn't work.

Websites that works:

google.com, yahoo.com, ultrashock.com, youtube.com.

I'm sorry, I can't install any packet sniffer on this machine.

Thank you.

Seb Rupik · ‎08-27-2013

Has your web browser been configured to use a proxy?

If you have a second web browser installed to you get the same result?

Do you have a webcache server installed on the network?

radu silviu-ionut · ‎08-27-2013

I have two browsers, IE and Fierfox, both hangs on getting the result form destination web server at the first GET.

Other destination websites hangs after (in Firefox) the browser took some resources, but displays none. But I can see its source.

No proxy config-ed.

Webcache server, not that I know about.

willymaldonado1 · ‎08-27-2013

No too long ago I experienced the same problem and it turned out to be my isp DNS, they replace who knows what but it took them 15 days to have our transmission back to normal.... while waiting for a fix we used google's

dns 8.8.8.8

and we were able to access the web again......

ErnestoJuarez · ‎12-23-2022

same issue , I can't install any packet sniffer on my machine.

Ernesto - Certified Cisco Specialist.

Mike Williams · ‎08-27-2013

For

PPPoE

you need to adjust the TCP maximum segment size. Under the LAN interface, enter the command

ip tcp adjust-mss 1452

Standard practice is to configure the mss as 40 bytes less than the MTU for Ethernet overhead.

Regards,
Mike

Sent from Cisco Technical Support Android App

radu silviu-ionut · ‎08-28-2013

Thank you Mike Williams and all of you guys.

This command has did the job.

(But for my own culture, can you please explain to me what does mss means?)

Edit:

I got it.

Thank you again.

Mike Williams · ‎08-28-2013

I'm glad you got it working.

Regards,

Mike

andrew.butterworth · ‎04-24-2022

If your provider supports mini jumbo frames

(RFC4638)

you should be able to dispense with

ip tcp adjust-mss 1452

on the LAN interface.

This is what I have configured on my

C891F

router and the

 ppp session info (show ppp interface virtual-access 3)

interface GigabitEthernet8
 mtu 1508
 no ip address
 duplex auto
 speed auto
 pppoe enable group global
 pppoe-client dial-pool-number 1
 pppoe-client ppp-max-payload 1500
 no cdp enable

Vi3 LCP: [Open]
Our Negotiated Options
Vi3 LCP: MagicNumber 0x808B977A (0x0506808B977A)
Peer's Negotiated Options
Vi3 LCP: MRU 1500 (0x010405DC)
Vi3 LCP: MagicNumber 0x5BCC96D0 (0x05065BCC96D0)

deshpande.omkar · ‎10-24-2018

I had same problem and adjusting

tcp-mss

helped!! Thanks a ton

Jas4 · ‎08-10-2023

Thankyou sir this fixed my issue which I was tearing my hair out over

emmastoneviral23 · ‎04-22-2022

Is this happened after using the VPN or before? because I'm having an issue in a website that is not opening no matter what I do. It says due to security reason return back to safety.

Georg Pauwen · ‎04-22-2022

Hello,

what is the URL of that website ?