Solved: check with your network - Page 2

KYLE NGUYEN · ‎09-07-2016

Hi everyone

I have a problem that's driving me nuts trying to troubleshoot. Brand new install of Windows 7 Dell latitude. I'm connected to our domain, but cannot browse the Internet with exclamation icon and msg "No Internet Access."

I can ping all internal servers and gateway. No issues there.

I took the laptop home and connected to my home network fine. Internet connection works perfectly.

But when I get back to the office, I tried connecting with both wired and wireless, both gives msg "No Internet Access."

Firewall is ASA 5505. I did some googling, and found some info on IP Shunning, but when I check my firewall settings, shunning is not enabled.

Any help is greatly appreciated. Thanks.

KYLE NGUYEN · ‎09-09-2016

CIS-C1#show etherchannel summary
Flags: D - down P - bundled in port-channel
I - stand-alone s - suspended
H - Hot-standby (LACP only)
R - Layer3 S - Layer2
U - in use f - failed to allocate aggregator

M - not in use, minimum links not met
u - unsuitable for bundling
w - waiting to be aggregated
d - default port

Number of channel-groups in use: 1
Number of aggregators: 1

Group Port-channel Protocol Ports
------+-------------+-----------+-----------------------------------------------
1 Po1(SU) - Gi3/0/47(P) Gi3/0/48(P)

CIS-C1#show interface trunk

Port Mode Encapsulation Status Native vlan
Gi1/1/1 on 802.1q trunking 1
Gi3/1/1 on 802.1q trunking 1
Po1 on 802.1q trunking 400

Port Vlans allowed on trunk
Gi1/1/1 1-4094
Gi3/1/1 1-4094
Po1 1-4094

Port Vlans allowed and active in management domain
Gi1/1/1 1,10,30,50,400
Gi3/1/1 1,10,30,50,400
Po1 1,10,30,50,400

Port Vlans in spanning tree forwarding state and not pruned
Gi1/1/1 1,10,30,50,400
Gi3/1/1 1,10,30,50,400
Po1 1,10,30,50,400

Austin Sabio · ‎09-09-2016

At least post the connected switchport config. Please make sure you mask your config before posting it here.

KYLE NGUYEN · ‎09-09-2016

see the txt file

ahmedshoaib · ‎09-09-2016

Hi;

Can you also attached the Firewall configuration?

Switch configuration is seems to be ok.

Thanks & Best regards;

Austin Sabio · ‎09-09-2016

We don't know what your network topology looks like.
Where does vlan10 terminate? need to check routing config.
Please post result of show ip default-gateway

ip route 0.0.0.0 0.0.0.0 192.168.0.231

interface Vlan10
 ip address 192.168.0.239 255.255.254.0

Austin Sabio · ‎09-09-2016

Please discard my post as you said below *old computers* are working fine. If you are saying you are only having issues with the new laptop -then its a NIC matter as other hardware work fine-. Have you tried connecting another good working laptop to the same port?

KYLE NGUYEN · ‎09-09-2016

I don't think its a NIC issue. Like I mentioned in the earlier post, the laptop works perfectly in 5 out of the 7 switches.

Old computers that was already on the network works perfectly in all 7 switches.

Any new computer not just this laptop when connected to the 2 "problem" switches, have internet connection issues.

Something is definitely different about these 2 problem switches, but I didn't do any configuration changes at all to any of the switches.

This problem just started out of nowhere a couple of days ago.

Georg Pauwen · ‎09-09-2016

Hello,

can you check if the two 'problem' switches run the same VTP version as the others ?

KYLE NGUYEN · ‎09-09-2016

how do I do that? please explain. thanks.

Georg Pauwen · ‎09-09-2016

The command to check for VTP versions is 'sh vtp status'.Revision number and domain should be the same for all switches.

Is your ASA running in routed or transparent mode ? It might be a good idea to post the config, it seems that somewhere in your path, new MAC addresses are being blocked...

Austin Sabio · ‎09-09-2016

check with your network/security team what changes have been made recently. also, if you have users are connected to these swtiches why they are not reporting any issues. I would still prefer testing another laptop.

Just to point out, provided config is for switch stack of 3 members so I am not sure which two switches are you referring to.

KYLE NGUYEN · ‎09-09-2016

that's what driving me crazy trying to troubleshoot this issue.

users who were connected to these problem switches are not reporting any problems, because it's working perfectly for them.

Problem only appear when I try to connect any new device to the problematic switches then i get the internet connection issues.

My workstation is actually on one of those problematic switches right now and it's working perfectly.

There is no other network/security team. I'm it. It's a one man shop. lol

Could it be a dynamic ARP issue?

Austin Sabio · ‎09-09-2016

It could be related to CSCug87540. Please post show version.

Status:	Other
Severity:	2 Severe
Last Modified:	22-MAY-2015
Known Affected Releases:	3.2(1.0)
Known Fixed Releases:


Bug Id:	CSCug87540
Title:	3850: traffic L3 routed on 1 switch/member fails for newly added devices
Description:	Symptom:The following symptoms can appear on the impacted switch (which can be standalone or a stack member): - traffic is not routed between devices on different vlans (impacting newly connected devices, or devices that have changed ports) - new routes do not function - qos or ACL changes do not take effect This issue occurs due to a failure to program changes into hardware once the breakage occurs, so existing hardware programming will allow traffic between previously connected devices to continue to flow correctly. Conditions:Seen on Catalyst 3850 stacks running 3.2.0SE, 3.2.1SE and 3.2.2SE. Workaround:None. To recover reload the impacted switch. The issue does not show in 3.3.0(SE) due to code restructure.

KYLE NGUYEN · ‎09-09-2016

Switch Ports Model SW Version SW Image Mode

------ ----- ----- ---------- ---------- ----
1 56 WS-C3850-48P 03.02.01.SE cat3k_caa-universalk9 INSTALL
2 56 WS-C3850-48P 03.02.01.SE cat3k_caa-universalk9 INSTALL

1 56 WS-C3850-48P 03.02.02.SE cat3k_caa-universalk9 INSTALL
2 56 WS-C3850-48P 03.02.02.SE cat3k_caa-universalk9 INSTALL
3 56 WS-C3850-48P 03.02.02.SE cat3k_caa-universalk9 INSTALL

Looks like the 2 problematic stacks have the SW version that's affected by that bug. I'm gonna reboot those two stacks and see what happens.

Austin Sabio · ‎09-09-2016

Here you go, you are running 03.02.02.SE. it's a major bug. Please upgrade your ios to recommended version 3.6.5E.

Please do not forget to rate the correct answer :)

Thank you.

No Internet Access but connected to domain. New install of Windows 7