03-14-2012 10:39 AM - edited 03-07-2019 05:33 AM
I recently ran into an issue where we changed a port link from the ISP from access to tagged to allow us to receive another vlan handed from them.
When we first attempted to do this I was getting about 50-80% packet loss (i.e. 3 pass, 1 fails, 2 pass, 4 fail, 3 pass).
Because they were unable to help we changed it back.
Yesterday we made the change again and pings were fine, traceroutes worked fine, I could ssh in and out of the link, I can even telnet to port 80 and 443 and get pages. However, when anyone types an IP in their browser it never gets anywhere.
I ruled out the router by connecting my laptop directly and still had the issue. I even tried another switch. Nothing worked.
They're extremely unhelpful and deny there's any issue on their end.
Can anyone give me any insight into what could cause this?
03-14-2012 10:58 AM
"I can even telnet to port 80 and 443 and get pages."
Can you ping a site by name?
03-14-2012 11:02 AM
Yes. DNS is working.
I forgot to mention that Google sites work fine. It's everything else, like cnn.com, yahoo.com, ebay.com.
Again there's no firewall.
If I type yahoo.com in a browser it'll never load.
If I open terminal:
telnet yahoo.com 80
Trying 98.139.183.24...
Connected to yahoo.com.
Escape character is '^]'.
GET index.html
Your requested URL was not found.
Connection closed by foreign host.
03-14-2012 11:05 AM
Hi,
post your topology and configs.
Regards.
Alain
03-14-2012 11:15 AM
Basically you're looking at a switch. Our uplink to the ISP goes into our "edge" because we have some devices that we want to bypass the firewall completely.
Port 0/1 is the uplink.
I have a server on 0/11 & 0/12
When I change 0/1 to trunk these issues happen. When changed back to access the issues resolve. (yes my ISP is making changes to match the ports)
--
Config
--
ny05-edge01#sho run
Building configuration...
Current configuration : 2524 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname ny05-edge01
!
boot-start-marker
boot-end-marker
!
no aaa new-model
system mtu routing 1500
vtp mode transparent
ip subnet-zero
!
!
!
!
!
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
!
vlan 10,20-21,70
!
vlan 1208
name AMC-IP
!
!
!
interface GigabitEthernet0/1
description AMC-UpLink
switchport access vlan 1208
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/2
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 10,20,21,70
switchport mode trunk
spanning-tree portfast
!
interface GigabitEthernet0/3
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 10,20,21,70
switchport mode trunk
spanning-tree portfast
!
interface GigabitEthernet0/4
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 10,20,21,70
switchport mode trunk
spanning-tree portfast
!
interface GigabitEthernet0/5
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 10,20,21,70
switchport mode trunk
spanning-tree portfast
!
interface GigabitEthernet0/6
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 10,20,21,70
switchport mode trunk
spanning-tree portfast
!
interface GigabitEthernet0/7
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 10,20,21,70
switchport mode trunk
spanning-tree portfast
!
interface GigabitEthernet0/8
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 10,20,21,70
switchport mode trunk
spanning-tree portfast
!
interface GigabitEthernet0/9
description Core01-0/0
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 2,10,20,21,70,1208
switchport mode access
!
interface GigabitEthernet0/10
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 10,20,21,70
switchport mode trunk
spanning-tree portfast
!
interface GigabitEthernet0/11
switchport access vlan 1208
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/12
switchport access vlan 1208
switchport mode access
spanning-tree portfast
!
interface Vlan1
no ip address
shutdown
!
interface Vlan10
ip address 10.55.210.45 255.255.255.0
!
ip default-gateway 10.55.210.1
ip classless
ip http server
03-14-2012 12:18 PM
Hi,
The problem is surely due to the Portfast feature configured on G0/1; either leave it or add the keyword trunk when you change the link to trunk.
Regards.
Alain
03-14-2012 01:40 PM
It's not due to portfast.
I connected the uplink directly to my laptop and had the same issue. I even connected to an HP 2810.
03-14-2012 01:53 PM
Portfast is not your current issue, but it can cause problems in the future.
03-14-2012 12:44 PM
I've seen this happen due to MTU.
Try pinging a device on the internet with 1500 bytes and disable fragmentation:
ping [internet_ip] -l 1500 -f
If the packets are fragmented, your ISP is fragmenting your traffic.
You may need to modify the MTU internally in your network to match theirs.
03-14-2012 01:24 PM
When 0/1 is set to trunk what does the config look like?
Your trunk link should look like this:
description AMC-UpLink
switchport trunk native vlan 1208
switchport mode trunk
spanning-tree portfast trunk
-or-
description AMC-UpLink
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk allowed vlan remove (x-xx,x)
switchport trunk allowed vlan add (x-x)
03-14-2012 01:39 PM
How do I modify MTU on an L2 switch?
I'm not taking the site down again but I do know that this works:
Works
ping -s 2000 google.com
ping -s 1469 google.com
ping -s 1468 cnn.com
ping -s 1468 ebay.com
ping -s 1468 X.X.X.X (amc gateway)
Does not work:
ping -s 1469 cnn.com
ping -s 1469 ebay.com
ping -s 1469 X.X.X.X (amc gateway)
Also the port is correct.
interface GigabitEthernet0/1
description AMC-UpLink
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1208
switchport mode trunk
spanning-tree portfast
!
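Added example (not part of the original thread): a binary search for the largest ICMP payload a path accepts, and the conversion of that payload into an IP path MTU and TCP MSS. The 1468-byte boundary reported above works out to a 1496-byte IP packet, 4 bytes under 1500, which is the size of one 802.1Q tag. `simulated_probe` is constructed to mirror that boundary, `192.0.2.1` is a placeholder address, and `ping_probe` assumes the macOS/BSD `-D` (Don't Fragment) flag so local fragmentation cannot mask the limit.

```python
import subprocess

IP_HDR, ICMP_HDR, TCP_HDR = 20, 8, 20  # IPv4, ICMP echo, TCP headers (no options)
DOT1Q_TAG = 4                          # bytes one 802.1Q VLAN tag adds to a frame

def ping_probe(host, df_flag=("-D",)):
    """Build probe(payload) -> bool that sends one Don't Fragment ping.
    "-D" is the macOS/BSD flag; pass df_flag=("-M", "do") on Linux."""
    def probe(payload):
        cmd = ["ping", "-c", "1", *df_flag, "-s", str(payload), host]
        try:
            return subprocess.run(cmd, capture_output=True, timeout=5).returncode == 0
        except subprocess.TimeoutExpired:
            return False
    return probe

def largest_payload(probe, lo=0, hi=1472):
    """Binary-search the largest payload in [lo, hi] that probe() accepts."""
    if not probe(lo):
        return None  # nothing gets through at all: not an MTU problem
    while lo < hi:
        mid = (lo + hi + 1) // 2
        if probe(mid):
            lo = mid
        else:
            hi = mid - 1
    return lo

def summarize(payload, link_mtu=1500):
    """Translate a ping payload size into path MTU and the TCP MSS that fits it."""
    path_mtu = payload + ICMP_HDR + IP_HDR
    shortfall = link_mtu - path_mtu
    return {
        "path_mtu": path_mtu,
        "tcp_mss": path_mtu - IP_HDR - TCP_HDR,
        "shortfall": shortfall,
        "equals_dot1q_tag": shortfall == DOT1Q_TAG,
    }

def simulated_probe(payload):
    """Constructed stand-in for the path in the thread: 1468 passes, 1469 fails."""
    return payload <= 1468

if __name__ == "__main__":
    best = largest_payload(simulated_probe)
    print(best, summarize(best))
    # Live use (placeholder address): largest_payload(ping_probe("192.0.2.1"))
```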
03-15-2012 07:27 AM
You are using the wrong options for the ping - is that under Windows? You must use -l for packet size and -f for avoiding fragmentation.
ping /?
Usage: ping [-t] [-a] [-n count] [-l size] [-f] [-i TTL] [-v TOS]
[-r count] [-s count] [[-j host-list] | [-k host-list]]
[-w timeout] [-R] [-S srcaddr] [-4] [-6] target_name
Options:
-t Ping the specified host until stopped.
To see statistics and continue - type Control-Break;
To stop - type Control-C.
-a Resolve addresses to hostnames.
-n count Number of echo requests to send.
-l size Send buffer size.
-f Set Don't Fragment flag in packet (IPv4-only).
-i TTL Time To Live.
-v TOS Type Of Service (IPv4-only. This setting has been deprecated
and has no effect on the type of service field in the IP Header).
-r count Record route for count hops (IPv4-only).
-s count Timestamp for count hops (IPv4-only).
-j host-list Loose source route along host-list (IPv4-only).
-k host-list Strict source route along host-list (IPv4-only).
-w timeout Timeout in milliseconds to wait for each reply.
-R Use routing header to test reverse route also (IPv6-only).
-S srcaddr Source address to use.
-4 Force using IPv4.
-6 Force using IPv6.
03-15-2012 09:39 AM
Thanks for helping. Don't take this as being rude but if I incorrectly used ping it wouldn't ping.
I have a Mac, not Windows.
usage: ping [-AaDdfnoQqRrv] [-b boundif] [-c count] [-G sweepmaxsize] [-g sweepminsize]
[-h sweepincrsize] [-i wait] [-l preload] [-M mask | time] [-m ttl]
[-p pattern] [-S src_addr] [-s packetsize] [-t timeout]
[-W waittime] [-z tos] host
03-15-2012 09:43 AM
I think, more importantly, how and why would fragmentation only happen to everything except Google?
Like I said, I can do anything that involves Google and nothing else, i.e. google.com, gmail.com, all Google subdomains.
03-15-2012 12:59 PM
Those websites have very little content so your browser wouldn't require a maximum transmission unit.
Connect your Mac directly to your ISP, bypassing any Cisco device, after modifying the MTU on the Mac to say 1280 or so. Instructions at: http://support.apple.com/kb/HT2532#
As you mentioned in your previous post, you even used an HP device and the problem persists, so it's not a Cisco issue.
Time to reach out to your ISP or perhaps repost in the Mac forums.
Regards,
Edison