mattmacnish
Beginner

web browser not working, ping/telnet works

I recently ran into an issue where we changed a port link from the ISP from access to tagged to allow us to receive another vlan handed from them.

When we first attempted to do this I was getting about 50-80% packet loss (ie: 3 pass, 1 fails, 2 pass, 4 fail, 3 pass)

Because they were unable to help we changed it back.

Yesterday we made the change again and pings were fine, traceroutes worked fine, I could ssh in and out of the link, I can even telnet to port 80 and 443 and get pages.  However when anyone types an ip in their browser it never gets anywhere.

I ruled out the router by connecting my laptop directly and still had the issue.  I even tried another switch.  Nothing worked.

They're extremely unhelpful and deny there's any issue on their end.

Can anyone give me any insight to what could cause this?

20 REPLIES 20
John Blakley
Advisor

"I can even telnet to port 80 and 443 and get pages."

Can you ping a site by name?

HTH, John *** Please rate all useful posts ***

Yes.  DNS is working.

I forgot to mention that Google sites work fine.  It's everything else, like cnn.com, yahoo.com, ebay.com.

Again there's no firewall.

If I type yahoo.com in a browser it'll never load. 

If I open terminal:

telnet yahoo.com 80
Trying 98.139.183.24...
Connected to yahoo.com.
Escape character is '^]'.
GET index.html
Not Found
Your requested URL was not found.
Connection closed by foreign host.

Hi,

post your topology and configs.

Regards.

Alain

Don't forget to rate helpful posts.

Basically you're looking at a switch.  Our uplink to the ISP goes into our "edge" because we have some devices that we want to bypass the firewall completely.

Port 0/1 is the uplink

I have a server on 0/11 & 0/12

When I change 0/1 to trunk these issues happen.  When changed back to access the issues resolve.  (yes my ISP is making changes to match the ports)

--

Config

--

ny05-edge01#sho run
Building configuration...
Current configuration : 2524 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname ny05-edge01
!
boot-start-marker
boot-end-marker
!
no aaa new-model
system mtu routing 1500
vtp mode transparent
ip subnet-zero
!
!
!
!
!
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
!
vlan 10,20-21,70
!
vlan 1208
 name AMC-IP
!
!
!
interface GigabitEthernet0/1
 description AMC-UpLink
 switchport access vlan 1208
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet0/2
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 10,20,21,70
 switchport mode trunk
 spanning-tree portfast
!
interface GigabitEthernet0/3
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 10,20,21,70
 switchport mode trunk
 spanning-tree portfast
!
interface GigabitEthernet0/4
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 10,20,21,70
 switchport mode trunk
 spanning-tree portfast
!
interface GigabitEthernet0/5
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 10,20,21,70
 switchport mode trunk
 spanning-tree portfast
!
interface GigabitEthernet0/6
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 10,20,21,70
 switchport mode trunk
 spanning-tree portfast
!
interface GigabitEthernet0/7
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 10,20,21,70
 switchport mode trunk
 spanning-tree portfast
!
interface GigabitEthernet0/8
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 10,20,21,70
 switchport mode trunk
 spanning-tree portfast
!
interface GigabitEthernet0/9
 description Core01-0/0
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 2,10,20,21,70,1208
 switchport mode access
!
interface GigabitEthernet0/10
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 10,20,21,70
 switchport mode trunk
 spanning-tree portfast
!
interface GigabitEthernet0/11
 switchport access vlan 1208
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet0/12
 switchport access vlan 1208
 switchport mode access
 spanning-tree portfast
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan10
 ip address 10.55.210.45 255.255.255.0
!
ip default-gateway 10.55.210.1
ip classless
ip http server

Hi,

The problem is surely due to the Portfast feature configured on G0/1; either leave it or add the keyword trunk when you change the link to trunk.

Regards.

Alain

Don't forget to rate helpful posts.

It's not due to portfast.

I connected the uplink directly to my laptop and had the same issue.  I even connected to an HP 2810.

Portfast is not your current issue, but it can cause problems in the future.

Edison Ortiz
Hall of Fame Mentor

I've seen this happening due to MTU.

Try pinging a device on the Internet with 1500 bytes and disable fragmentation:

ping [internet_ip] -l 1500 -f

If the packets are fragmented, your ISP is fragmenting your traffic.

You may need to modify the MTU internally in your network to match theirs.

When 0/1 is set to trunk what does the config look like?

Your trunk link should look like this:

 description AMC-UpLink
 switchport trunk native vlan 1208
 switchport mode trunk
 spanning-tree portfast trunk

-or-

 description AMC-UpLink
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan remove (x-xx,x)
 switchport trunk allowed vlan add (x-x)

How do I modify MTU on L2 switch?

I'm not taking the site down again but I do know that this works:

Works:

  ping -s 2000 google.com
  ping -s 1469 google.com
  ping -s 1468 cnn.com
  ping -s 1468 ebay.com
  ping -s 1468 X.X.X.X (amc gateway)

Does not work:

  ping -s 1469 cnn.com
  ping -s 1469 ebay.com
  ping -s 1469 X.X.X.X (amc gateway)

Also the port is correct.

interface GigabitEthernet0/1
 description AMC-UpLink
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1208
 switchport mode trunk
 spanning-tree portfast
!
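The ping sizes reported in the post above can be turned into a path MTU figure. The following is an added example, not part of the original thread: it binary-searches the largest ICMP payload that gets a reply with Don't Fragment set, then derives the IP MTU and TCP MSS from it. The function names `probe`, `largest_payload` and `path_report` are hypothetical; `-D` (macOS ping) and `-M do` (Linux iputils ping) are the flags that set DF.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): measure the usable path MTU with DF set.

# probe SIZE HOST: succeeds if one echo with SIZE payload bytes and DF set is answered.
probe() {
  case "$(uname -s)" in
    Darwin) ping -D -c 1 -t 2 -s "$1" "$2" >/dev/null 2>&1 ;;     # macOS: -D sets DF
    *)      ping -M do -c 1 -W 2 -s "$1" "$2" >/dev/null 2>&1 ;;  # Linux: -M do sets DF
  esac
}

# largest_payload HOST [LO] [HI]: binary search for the biggest payload that passes.
# 1472 is the ceiling on a clean 1500-byte path (1500 - 20 IPv4 - 8 ICMP).
largest_payload() {
  local host=$1 lo=${2:-0} hi=${3:-1472} mid
  probe "$lo" "$host" || return 1          # host unreachable even with a tiny packet
  while [ "$lo" -lt "$hi" ]; do
    mid=$(( (lo + hi + 1) / 2 ))
    if probe "$mid" "$host"; then
      lo=$mid                              # mid passes: answer is mid or larger
    else
      hi=$(( mid - 1 ))                    # mid is dropped: answer is smaller
    fi
  done
  echo "$lo"
}

# path_report PAYLOAD: convert a passing payload size into link-level numbers.
path_report() {
  local mtu=$(( $1 + 28 ))                 # 20-byte IPv4 header + 8-byte ICMP header
  local mss=$(( mtu - 40 ))                # 20-byte IPv4 header + 20-byte TCP header
  local short=$(( 1500 - mtu ))            # bytes missing versus standard Ethernet
  echo "ip_mtu=$mtu tcp_mss=$mss shortfall=$short"
}

# Typical use: path_report "$(largest_payload cnn.com)"
```

With the thread's figure, `path_report 1468` gives an IP MTU of 1496, which is 4 bytes under 1500, the size of one 802.1Q tag.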

You are using the wrong options for the ping - is that under Windows? You must use -l for packet size and -f for avoiding fragmentation.

ping /?

Usage: ping [-t] [-a] [-n count] [-l size] [-f] [-i TTL] [-v TOS]
            [-r count] [-s count] [[-j host-list] | [-k host-list]]
            [-w timeout] [-R] [-S srcaddr] [-4] [-6] target_name

Options:
    -t             Ping the specified host until stopped.
                   To see statistics and continue - type Control-Break;
                   To stop - type Control-C.
    -a             Resolve addresses to hostnames.
    -n count       Number of echo requests to send.
    -l size        Send buffer size.
    -f             Set Don't Fragment flag in packet (IPv4-only).
    -i TTL         Time To Live.
    -v TOS         Type Of Service (IPv4-only. This setting has been deprecated
                   and has no effect on the type of service field in the IP Header).
    -r count       Record route for count hops (IPv4-only).
    -s count       Timestamp for count hops (IPv4-only).
    -j host-list   Loose source route along host-list (IPv4-only).
    -k host-list   Strict source route along host-list (IPv4-only).
    -w timeout     Timeout in milliseconds to wait for each reply.
    -R             Use routing header to test reverse route also (IPv6-only).
    -S srcaddr     Source address to use.
    -4             Force using IPv4.
    -6             Force using IPv6.

Thanks for helping.  Don't take this as being rude but if I incorrectly used ping it wouldn't ping.

I have a Mac, not Windows.

usage: ping [-AaDdfnoQqRrv] [-b boundif] [-c count] [-G sweepmaxsize] [-g sweepminsize]
            [-h sweepincrsize] [-i wait] [-l preload] [-M mask | time] [-m ttl]
            [-p pattern] [-S src_addr] [-s packetsize] [-t timeout]
            [-W waittime] [-z tos] host

I think, more importantly, how and why would fragmentation only happen to everything except Google?

Like I said, I can do anything that involves Google and nothing else.  IE: google.com, gmail.com, all Google subdomains.

Those websites have very little content so your browser wouldn't require a maximum transmission unit.

Connect your Mac directly to your ISP, bypassing any Cisco device, after modifying the MTU on the Mac to, say, 1280 or so. Instructions at: http://support.apple.com/kb/HT2532#

As you mentioned in your previous post, you even used an HP device and the problem persists, so it's not a Cisco issue.

Time to reach out to your ISP or perhaps repost in the Mac forums.

Regards,

Edison