Solved: Re: VLAN client can't Access Web with Web Browser - ping, telnet, tracert, nslookup works

rend · ‎07-11-2018

moved from this:
https://supportforums.cisco.com/t5/small-business-switches/vlan-client-can-t-access-web-with-web-browser-ping-telnet/m-p/3413756/highlight/true#M20089

Hi there,

i have some problem with my network, let's say.. my topology is like this :

Router - Cisco C2960-X (Vlan 1 & 100) - VM Host

> Internet Connected to Vlan1 - and from Vlan1 to Router (port1) : WAN

> VM Host Connected to Vlan100 - and from Vlan100 to Router (port4) : LAN gateway

>>the switch is new, and i only configured security access and VLAN.

i've configured everything in the Router (NAT, firewall, etc) and everything works fine.. until i tried browsing some web with Windows Client. I only using Linux (console/terminal only) as VM host before~

using network Testing tools, the results are like this :
Ping - works, Nslookup - works, Tracert - works, Telnet - works, webBrowser(IE, Firefox,Ms.Edge) - fails (says dns error something)

tried all above to twitter, facebook, cisco, etc.

if i access the web with links(linux command webbrowser), the page(text) loaded. But can't browse using Linux with Desktop env. too.. (debian with firefox browser).

i've asked the Router Support about this too, but it seems like the problem is not from the Router Config.

if i use public IP directly on host and connect it to VLAN1, i can browse with the web browser...

So only from the VLAN100 i can't browse web.

has anyone ever experienced something like this?
is there any way that the switch is filtering/blocking something?

rend · ‎07-26-2018

i don't really know what's causing it.. but after reseting all the config and reconfigure the vlan, everything works normally..

anyway.. thanks for all the response~

View solution in original post

kumardilip · ‎07-12-2018

Can you attach the config from the router and the switch here, please? Remove all sensitive configuration such as passwords etc.

rend · ‎07-18-2018

here is my switch config :

version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Switch
!
boot-start-marker
boot-end-marker
!
enable secret 5 xxxxxxxxxxxxxxxxxxxxxxxx
username xxxxxxx secret 5 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
no aaa new-model
clock timezone UTC 7 0
switch 1 provision ws-c2960x-24ts-l
!
!
no ip domain-lookup
ip domain-name somedomain.id
ip name-server 192.168.2.1
!
!
!
!
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
!
!
!
vlan internal allocation policy ascending
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0
 ip address 192.168.7.151 255.255.255.0
!
interface GigabitEthernet1/0/1
!
interface GigabitEthernet1/0/2
!
interface GigabitEthernet1/0/3
!
interface GigabitEthernet1/0/4
!
interface GigabitEthernet1/0/5
!
interface GigabitEthernet1/0/6
!
interface GigabitEthernet1/0/7
!
interface GigabitEthernet1/0/8
!
interface GigabitEthernet1/0/9
 switchport access vlan 101
 switchport mode access
!
interface GigabitEthernet1/0/10
 switchport access vlan 101
 switchport mode access
!
interface GigabitEthernet1/0/11
 switchport access vlan 101
 switchport mode access
!
interface GigabitEthernet1/0/12
 switchport access vlan 101
 switchport mode access
!
interface GigabitEthernet1/0/13
 switchport access vlan 100
 switchport mode access
!
interface GigabitEthernet1/0/14
 switchport access vlan 100
 switchport mode access
!
interface GigabitEthernet1/0/15
 switchport access vlan 100
 switchport mode access
!
interface GigabitEthernet1/0/16
 switchport access vlan 100
 switchport mode access
!
interface GigabitEthernet1/0/17
 switchport access vlan 100
 switchport mode access
!
interface GigabitEthernet1/0/18
 switchport access vlan 100
 switchport mode access
!
interface GigabitEthernet1/0/19
 switchport access vlan 100
 switchport mode access
!
interface GigabitEthernet1/0/20
 switchport access vlan 100
 switchport mode access
!
interface GigabitEthernet1/0/21
 switchport mode trunk
!
interface GigabitEthernet1/0/22
 switchport mode trunk
!
interface GigabitEthernet1/0/23
 switchport mode trunk
!
interface GigabitEthernet1/0/24
 switchport mode trunk
!
interface GigabitEthernet1/0/25
!
interface GigabitEthernet1/0/26
!
interface GigabitEthernet1/0/27
!
interface GigabitEthernet1/0/28
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan100
 ip address 192.168.2.151 255.255.255.0
!
ip http server
ip http secure-server
!
ip ssh version 2
!
!
no vstack
!
line con 0
 login local
line vty 0 4
 login local
 transport input ssh
line vty 5 15
 login local
 transport input ssh
!
ntp server 192.168.2.1
end

should i really remove all password/access config?

paul driver · ‎07-18-2018

Hello

do have nat enabled on the router for vlan 100?

post the config of the rtr please

res

paul

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

rend · ‎07-18-2018

i'm using mikrotik CCR for the router.. and yes, i've configured NAT as well~

u could see from my ScreenShot that i could do everything including tracert, nslookup, ping, telnet to some website.. but i can't access the web with my web browser~

rend · ‎07-26-2018

i don't really know what's causing it.. but after reseting all the config and reconfigure the vlan, everything works normally..

anyway.. thanks for all the response~