I recently ran into an issue where we changed a port link from the ISP from access to tagged to allow us to receive another vlan handed from them.
When we first attempted to do this I was getting about 50-80% packet loss (ie: 3 pass, 1 fails, 2 pass, 4 fail, 3 pass)
Because they were unable to help we changed it back.
Yesterday we made the change again and pings were fine, traceroutes worked fine, I could ssh in and out of the link, I can even telnet to port 80 and 443 and get pages. However when anyone types an ip in their browser it never gets anywhere.
I ruled out the router by connecting my laptop directly and still had the issue. I even tried another switch. Nothing worked.
They're extremely unhelpful and deny theres any issue on their end.
Can anyone give me any insight to what could cause this?
I didn't say it was a Cisco issue. Why do you bother replying when you don't bother reading?
I was pretty specific in asking if anyone knew what would cause this.
I know the issue isn't our equiptment and I need to have something to say to the ISP to make them consider its their problem.
I'm also not gonna take this to a mac forum because I'm not leaving an ISP hooked up to a mac.
You say when you change the port config of the ISP link to access everything is normal. When it's configured to trunk its not. Native vlan 1208 will only allow vlan 1208 traffic through. Have you allowed the other vlans or tried removing the native vlan statement?
Sent from Cisco Technical Support iPhone App
The only change that is made is changing the handoff from the ISP from access to trunk so we can accept another vlan.
They've told us they're giving us an untagged port for their vlan 1208. When we coordinate to change to tagged thats when this occurs.
I was asked for the existing config which was untagged because thats all that works.
When its tagged I know its correct because like I said the EVERYTHING works except web browsing. I can ping anything, ssh in and out, telnet to all typical ports out (25,80,110,443). Even our L2L vpn works 100%. We have a server that allows RDP which I can RDP through the vpn but not through the public IP which works from anywhere else on the internet.
Since no one seens to understand what I'm asking please disregard EVERYTHING I've written so far and just tell me what is the difference between typing a url or IP in a web browser and using telnet to get web pages?
I gave the example that I can get index.htm from yahoo.com from telnet but I can't through a web browser.
If someone can tell me what would disrupt web browing but allow telnet I might be able to figure this out.
My first thought would be DNS, but you have stated that is not the case. The command "nslookup" for linux.... What does it resolve to? This is an interesting issue.....please post the resolution when you find one!
Yea its not DNS.
Also like I said google sites appear to be the only ones that work. I really don't know how to troubleshoot it. If it were all sites I don't think I'd be in any better position but the fact that google works and nothing else I have no idea.
I did traceroutes and noticed the ISP peers directly with google and yahoo but it appears to be taking the same final path through their network so I can't figure out why it'd be any different seeing I saw 4 peers.
I also ran traces and pings and noticed nothing was different after switching back to untagged. It appears to only be whether its tagged or not. Thats why I was hoping someone could help identify what would cause this.
If telnet port 80 didn't work I'd be able to at least see it was certain ports or destinations but telnet works just web browsers.
Hence the question. What does a web browser do differently than telnet?
I just had the same issue after an ISP change. From one of the vlan, telnet was working on port 80 but users were not able to browse the Internet. I added "ip tcp adjust-mss 1346" on that vlan and it has fixed the issue and browsing is now working. You need to confirm the MTU your ISP is using first and but the correct value on your side.