09-02-2021 01:30 PM
I have a problem in my Cisco network and I am not able to solve it.
Some connected devices are browsing normally and for no apparent reason are able to load more web pages. These devices can ping to Gateway, external website by IP and also able to ping external DNS websites. Only pages in the browser do not open.
It happens on mobile, macOS and Windows.
It only works again when disconnecting from the Wi-Fi and connecting again.
Wi-Fi Controller: Cisco 2500 Series Wireless LAN Controller (AIR-CT2504-K9)
Switches: Catalyst 2960X
Authentication method: 802.11x
Does anyone have any idea what it might be?
09-02-2021 01:44 PM
Only thing I could see is AVC profile detecting wrong and blocking.
Do you have any set? Wireless/Application and visibility Control/AVC Profiles.
This is the only thing I can think of Wireless side to block.
09-02-2021 09:12 PM
Hello Anderson,
I have AVC Profile enabled, but it's only blocking application bittorrent-networking and bittorrent.
09-02-2021 11:51 PM
Hello,
What is the WLC connected to (ISP modem)? Do you only have wireless clients, and (if not, that is, if you also have wired clients), are the wired clients experiencing the same problems?
09-03-2021 04:35 AM
Hello Georg,
The WLC is connected to a Firewall.
Currently only Wi-Fi clients.
09-03-2021 04:43 AM
I did a packet capture on the firewall and identified that the client is returning traffic through the wrong vlan.
This client is in VLAN 20, the firewall sends the packet in the correct VLAN, but the client returns the tag from VLAN 10, even if its IP is from VLAN 20.
Frame 8: 361 bytes on wire (2888 bits), 361 bytes captured (2888 bits)
Ethernet II, Src: WatchGua_MAC:Firewall (MAC Firewall), Dst: IntelCor_MAC:Client (MAC Client)
802.1Q Virtual LAN, PRI: 0, DEI: 0, ID: 20
000. .... .... .... = Priority: Best Effort (default) (0)
...0 .... .... .... = DEI: Ineligible
.... 0000 0001 0100 = ID: 20
Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 192.168.200.27, Dst: 10.2.20.53
User Datagram Protocol, Src Port: 3389, Dst Port: 63365
Data (315 bytes)
Frame 9: 64 bytes on wire (512 bits), 64 bytes captured (512 bits)
Ethernet II, Src: IntelCor_MAC:Client (MAC Client), Dst: WatchGua_Firewall (MAC Firewall)
802.1Q Virtual LAN, PRI: 0, DEI: 0, ID: 10
000. .... .... .... = Priority: Best Effort (default) (0)
...0 .... .... .... = DEI: Ineligible
.... 0000 0000 1010 = ID: 10
Type: IPv4 (0x0800)
Padding: 0000
Trailer: 00000000
Internet Protocol Version 4, Src: 10.2.20.53, Dst: 192.168.200.27
User Datagram Protocol, Src Port: 63365, Dst Port: 3389
Data (12 bytes)
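The check done by eye in the capture above can be automated. The following is an added example, not part of any post in this thread: it parses 802.1Q-tagged IPv4 frames and reports any frame whose source IP belongs to one VLAN's subnet but arrives with a different VLAN tag. The VLAN-to-subnet plan, the /24 masks, the MAC addresses and the sample frames are constructed assumptions; only the IP addresses and VLAN IDs 10 and 20 come from the capture.

```python
import ipaddress
import struct

# Assumed VLAN-to-subnet plan; only "10.2.20.53 is in VLAN 20" comes from the thread.
VLAN_SUBNETS = {
    10: ipaddress.ip_network("10.2.10.0/24"),  # hypothetical subnet for VLAN 10
    20: ipaddress.ip_network("10.2.20.0/24"),  # assumed /24 around the client IP
}

def parse_tagged_ipv4(frame):
    """Return (src_mac, vlan_id, src_ip) for an 802.1Q-tagged IPv4 frame, else None."""
    if len(frame) < 18 + 20:
        return None
    tpid, tci, ethertype = struct.unpack("!HHH", frame[12:18])
    if tpid != 0x8100 or ethertype != 0x0800:
        return None
    vlan_id = tci & 0x0FFF  # low 12 bits of the TCI; PRI and DEI are the top 4
    src_ip = ipaddress.ip_address(frame[18 + 12:18 + 16])
    return frame[6:12].hex(":"), vlan_id, src_ip

def vlan_mismatches(frames, vlan_subnets=VLAN_SUBNETS):
    """List frames whose source IP belongs to one VLAN's subnet but carry another tag."""
    findings = []
    for number, frame in enumerate(frames, start=1):
        parsed = parse_tagged_ipv4(frame)
        if parsed is None:
            continue
        src_mac, tag, src_ip = parsed
        for vlan, subnet in vlan_subnets.items():
            if src_ip in subnet and vlan != tag:
                findings.append((number, src_mac, str(src_ip), tag, vlan))
    return findings

def build_frame(dst_mac, src_mac, vlan, src_ip, dst_ip):
    """Constructed test frame: Ethernet + 802.1Q + bare 20-byte IPv4 header (UDP)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 17, 0,
                     ipaddress.ip_address(src_ip).packed, ipaddress.ip_address(dst_ip).packed)
    return dst_mac + src_mac + struct.pack("!HHH", 0x8100, vlan, 0x0800) + ip

FW, CLIENT = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")  # constructed MACs
SAMPLE = [
    build_frame(CLIENT, FW, 20, "192.168.200.27", "10.2.20.53"),  # shaped like Frame 8
    build_frame(FW, CLIENT, 10, "10.2.20.53", "192.168.200.27"),  # shaped like Frame 9
]

if __name__ == "__main__":
    for n, mac, ip, tag, expected in vlan_mismatches(SAMPLE):
        print(f"frame {n}: {mac} {ip} tagged VLAN {tag}, subnet belongs to VLAN {expected}")
```

Routed traffic such as Frame 8 is skipped because its source address is outside every listed subnet, so only hosts sending from a known subnet with the wrong tag are reported.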