Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
514
Views
0
Helpful
5
Replies

Clients lose connection to web pages

gustavogaioski
Level 1
Level 1

‎09-02-2021 01:30 PM

I have a problem in my Cisco network and I am not able to solve it.
Some connected devices are browsing normal and for no apparent reason are able to load more web pages. These devices can ping to Gateway, external website by IP and also able to ping external DNS websites. Only pages in the browser do not open.
It happens on mobile, MAC OS and Windows.
It only works again when disconnecting from the wi-fi and connecting again.
Wi-FI Controller: Cisco 2500 Series Wireless LAN Controller (AIR-CT2504-K9)
Switches: Catalyst 2960X
Authentication method: 802.11x

 

Does anyone have any idea what it might be?

Labels:
0 Helpful
5 Replies 5

Dustin Anderson
VIP
VIP

‎09-02-2021 01:44 PM

Only thing I could see is AVC profile detecting wrong and blocking.

 

Do you have any set? Wireless/Application and visibility Control/AVC Profiles.

 

This is the only thing I can think of Wireless side to block.

0 Helpful

gustavogaioski
Level 1
Level 1
In response to Dustin Anderson

‎09-02-2021 09:12 PM

Hello Anderson,
I have AVC Profile enabled, but it's only blocking aplication bittorrent-networking and bittorrent.

0 Helpful

Georg Pauwen
VIP
VIP
In response to gustavogaioski

‎09-02-2021 11:51 PM

Hello,

 

what is the WLC connected to (ISP modem) ? Do you only have wireless clients, and (if not, that is, if you also have wired clients), are the wired clients experiencing the same problems ?

0 Helpful

gustavogaioski
Level 1
Level 1
In response to Georg Pauwen

‎09-03-2021 04:35 AM

Hello Georg,

 

The WLC is connected to a Firewall.

 

Currently only Wi-Fi clients.

0 Helpful

gustavogaioski
Level 1
Level 1

‎09-03-2021 04:43 AM

I did a packet capture on the firewall and identified that the client is returning traffic through the wrong vlan.
This client is in VLAN 20, the firewall sends the packet in the correct VLAN, but the client returns the tag from VLAN 10, even if its IP is from VLAN 20.

 

Frame 8: 361 bytes on wire (2888 bits), 361 bytes captured (2888 bits)

Ethernet II, Src: WatchGua_MAC:Firewall (MAC Firewall), Dst: IntelCor_MAC:Client (MAC Client)

802.1Q Virtual LAN, PRI: 0, DEI: 0, ID: 20

000. .... .... .... = Priority: Best Effort (default) (0)

...0 .... .... .... = DEI: Ineligible

.... 0000 0001 0100 = ID: 20

Type: IPv4 (0x0800)

Internet Protocol Version 4, Src: 192.168.200.27, Dst: 10.2.20.53

User Datagram Protocol, Src Port: 3389, Dst Port: 63365

Data (315 bytes)

 

Frame 9: 64 bytes on wire (512 bits), 64 bytes captured (512 bits)

Ethernet II, Src: IntelCor_MAC:Client (MAC Client), Dst: WatchGua_Firewall (MAC Firewall)

802.1Q Virtual LAN, PRI: 0, DEI: 0, ID: 10

000. .... .... .... = Priority: Best Effort (default) (0)

...0 .... .... .... = DEI: Ineligible

.... 0000 0000 1010 = ID: 10

Type: IPv4 (0x0800)

Padding: 0000

Trailer: 00000000

Internet Protocol Version 4, Src: 10.2.20.53, Dst: 192.168.200.27

User Datagram Protocol, Src Port: 63365, Dst Port: 3389

Data (12 bytes)

 

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card