Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

web browser not working, ping/telnet works

I recently ran into an issue where we changed a port link from the ISP from access to tagged to allow us to receive another vlan handed from them.

When we first attempted to do this I was getting about 50-80% packet loss (ie: 3 pass, 1 fails, 2 pass, 4 fail, 3 pass)

Because they were unable to help we changed it back.

Yesterday we made the change again and pings were fine, traceroutes worked fine, I could ssh in and out of the link, I can even telnet to port 80 and 443 and get pages.  However when anyone types an ip in their browser it never gets anywhere.

I ruled out the router by connecting my laptop directly and still had the issue.  I even tried another switch.  Nothing worked.

They're extremely unhelpful and deny theres any issue on their end.

Can anyone give me any insight to what could cause this?

20 REPLIES

web browser not working, ping/telnet works

"I can even telnet to port 80 and 443 and get pages."

Can you ping a site by name?

HTH, John *** Please rate all useful posts ***
New Member

web browser not working, ping/telnet works

Yes.  DNS is working.

I forgot to mention that google sites work fine.  Its everything else like cnn.com yahoo.com ebay.com

Again there's no firewall.

If I type yahoo.com in a browser it'll never load. 

If I open terminal:

telnet yahoo.com 80

Trying 98.139.183.24...

Connected to yahoo.com.

Escape character is '^]'.

GET index.html

Not Found

Your requested URL was not found.

Connection closed by foreign host.

Purple

web browser not working, ping/telnet works

Hi,

post your topology and configs.

Regards.

Alain

Don't forget to rate helpful posts.
New Member

web browser not working, ping/telnet works

Basically you're looking at a switch.  Our uplink to the isp goes into our "edge" because we have some devices that we want to bypass the firewall completely.

Port 0/1 is the uplink

I have a server on 0/11 & 0/12

When I change 0/1 to trunk these issues happen.  When changed back to access the issues resolve.  (yes my ISP is making changes to match the ports)

--

Config

--

ny05-edge01#sho run

Building configuration...

Current configuration : 2524 bytes

!

version 12.2

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname ny05-edge01

!

boot-start-marker

boot-end-marker

!

no aaa new-model

system mtu routing 1500

vtp mode transparent

ip subnet-zero

!

!

!

!

!

!

!

!

spanning-tree mode pvst

spanning-tree extend system-id

!

!

vlan 10,20-21,70

!

vlan 1208

name AMC-IP

!

!

!

interface GigabitEthernet0/1

description AMC-UpLink

switchport access vlan 1208

switchport mode access

spanning-tree portfast

!

interface GigabitEthernet0/2

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 10,20,21,70

switchport mode trunk

spanning-tree portfast

!

interface GigabitEthernet0/3

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 10,20,21,70

switchport mode trunk

spanning-tree portfast

!

interface GigabitEthernet0/4

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 10,20,21,70

switchport mode trunk

spanning-tree portfast

!

interface GigabitEthernet0/5

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 10,20,21,70

switchport mode trunk

spanning-tree portfast

!

interface GigabitEthernet0/6

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 10,20,21,70

switchport mode trunk

spanning-tree portfast

!

interface GigabitEthernet0/7

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 10,20,21,70

switchport mode trunk

spanning-tree portfast

!

interface GigabitEthernet0/8

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 10,20,21,70

switchport mode trunk

spanning-tree portfast

!

interface GigabitEthernet0/9

description Core01-0/0

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 2,10,20,21,70,1208

switchport mode access

!

interface GigabitEthernet0/10

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 10,20,21,70

switchport mode trunk

spanning-tree portfast

!

interface GigabitEthernet0/11

switchport access vlan 1208

switchport mode access

spanning-tree portfast

!

interface GigabitEthernet0/12

switchport access vlan 1208

switchport mode access

spanning-tree portfast

!

interface Vlan1

no ip address

shutdown

!

interface Vlan10

ip address 10.55.210.45 255.255.255.0

!

ip default-gateway 10.55.210.1

ip classless

ip http server

Purple

web browser not working, ping/telnet works

Hi,

the problem is surely due to the Portfast feature configured on G0/1, either leave it or add the keyword trunk when you change the link to trunk.

Regards.

Alain

Don't forget to rate helpful posts.
New Member

Re: web browser not working, ping/telnet works

Its not due to portfast. 

I connected the uplink directly to my laptop and had the same issue.  I even connected to a HP 2810.

New Member

Re: web browser not working, ping/telnet works

Portfast is not your current issue, but it can cause problems in the future.

Hall of Fame Super Bronze

web browser not working, ping/telnet works

I've seen this happening due to MTU.

Try pinging a device in the internet with 1500 bytes and disable fragmentation

ping [internet_ip] -l 1500 -f

If the packets are fragmented, your ISP is fragmenting your traffic.

You may need to modify the MTU internally in your network to match theirs.

New Member

Re: web browser not working, ping/telnet works

When 0/1 is set to trunk what does the config look like?

Your trunk link should look like this:

description AMC-UpLink

switchport trunk native vlan 1208

switchport mode trunk

spanning-tree portfast trunk

-or-

description AMC-UpLink

switchport trunk encapsulation dot1q

switchport mode trunk

switchport trunk allowed vlan remove (x-xx,x)

switchport trunk allowed vlan add (x-x)

New Member

Re: web browser not working, ping/telnet works

How do I modify MTU on L2 switch?

I'm not taking the site down again but I do know that this works:

Works

  ping -s 2000 google.com

  ping -s 1469 google.com

  ping -s 1468 cnn.com

  ping -s 1468 ebay.com

  ping -s 1468 X.X.X.X (amc gateway)

Does not work:

  ping -s 1469 cnn.com

  ping -s 1469 ebay.com

  ping -s 1469 X.X.X.X (amc gateway)

Also the port is correct.

interface GigabitEthernet0/1

description AMC-UpLink

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 1208

switchport mode trunk

spanning-tree portfast

!

Hall of Fame Super Bronze

web browser not working, ping/telnet works

You are using the wrong options for the ping - is that under Windows? You must use -l for packet size and -f for avoiding fragmentation.

ping /?

Usage: ping [-t] [-a] [-n count] [-l size] [-f] [-i TTL] [-v TOS]

            [-r count] [-s count] [[-j host-list] | [-k host-list]]

            [-w timeout] [-R] [-S srcaddr] [-4] [-6] target_name

Options:

    -t             Ping the specified host until stopped.

                   To see statistics and continue - type Control-Break;

                   To stop - type Control-C.

    -a             Resolve addresses to hostnames.

    -n count       Number of echo requests to send.

   -l size        Send buffer size.

    -f             Set Don't Fragment flag in packet (IPv4-only).

    -i TTL         Time To Live.

    -v TOS         Type Of Service (IPv4-only. This setting has been deprecated

                   and has no effect on the type of service field in the IP Head

er).

    -r count       Record route for count hops (IPv4-only).

    -s count       Timestamp for count hops (IPv4-only).

    -j host-list   Loose source route along host-list (IPv4-only).

    -k host-list   Strict source route along host-list (IPv4-only).

    -w timeout     Timeout in milliseconds to wait for each reply.

    -R             Use routing header to test reverse route also (IPv6-only).

    -S srcaddr     Source address to use.

    -4             Force using IPv4.

    -6             Force using IPv6.

New Member

web browser not working, ping/telnet works

Thanks for helping.  Don't take this as being rude but if I incorrectly used ping it wouldn't ping.

I have a mac not windows.

usage: ping [-AaDdfnoQqRrv] [-b boundif] [-c count] [-G sweepmaxsize] [-g sweepminsize]

            [-h sweepincrsize] [-i wait] [-l preload] [-M mask | time] [-m ttl]

            [-p pattern] [-S src_addr] [-s packetsize] [-t timeout]

            [-W waittime] [-z tos] host

New Member

web browser not working, ping/telnet works

I think more importantly how, and why would fragmentation only happen to everything except google?

Like I said I can do anything that involved google and nothing else.  IE: google.com, gmail.com, all google subdomains.

Hall of Fame Super Bronze

web browser not working, ping/telnet works

Those websites have very little content so your browser wouldn't require a maximum transmission unit.

Connect your MAC directly to your ISP, bypassing any cisco device, after modifying the MTU on the MAC to say 1280 or so. Instructions at: http://support.apple.com/kb/HT2532#

As you mentioned in your previous post, you even use a HP device and the problem persists, so it's not a Cisco issue.

Time to reach out to your ISP or perhaps repost in the MAC forums.

Regards,

Edison

New Member

web browser not working, ping/telnet works

I didn't say it was a Cisco issue.  Why do you bother replying when you don't bother reading?

I was pretty specific in asking if anyone knew what would cause this.

I know the issue isn't our equiptment and I need to have something to say to the ISP to make them consider its their problem.

I'm also not gonna take this to a mac forum because I'm not leaving an ISP hooked up to a mac.

New Member

Re: web browser not working, ping/telnet works

You say when you change the port config of the ISP link to access everything is normal. When it's configured to trunk its not. Native vlan 1208 will only allow vlan 1208 traffic through. Have you allowed the other vlans or tried removing the native vlan statement?

Sent from Cisco Technical Support iPhone App

New Member

web browser not working, ping/telnet works

The only change that is made is changing the handoff from the ISP from access to trunk so we can accept another vlan.

They've told us they're giving us an untagged port for their vlan 1208.  When we coordinate to change to tagged thats when this occurs.

I was asked for the existing config which was untagged because thats all that works.

When its tagged I know its correct because like I said the EVERYTHING works except web browsing.  I can ping anything, ssh in and out, telnet to all typical ports out (25,80,110,443).  Even our L2L vpn works 100%.  We have a server that allows RDP which I can RDP through the vpn but not through the public IP which works from anywhere else on the internet.

Since no one seens to understand what I'm asking please disregard EVERYTHING I've written so far and just tell me what is the difference between typing a url or IP in a web browser and using telnet to get web pages?

I gave the example that I can get index.htm from yahoo.com from telnet but I can't through a web browser.

If someone can tell me what would disrupt web browing but allow telnet I might be able to figure this out.

New Member

Re: web browser not working, ping/telnet works

My first thought would be DNS, but you have stated that is not the case. The command "nslookup" for linux.... What does it resolve to? This is an interesting issue.....please post the resolution when you find one!

New Member

Re: web browser not working, ping/telnet works

Yea its not DNS. 

Also like I said google sites appear to be the only ones that work.  I really don't know how to troubleshoot it.  If it were all sites I don't think I'd be in any better position but the fact that google works and nothing else I have no idea.

I did traceroutes and noticed the ISP peers directly with google and yahoo but it appears to be taking the same final path through their network so I can't figure out why it'd be any different seeing I saw 4 peers.

I also ran traces and pings and noticed nothing was different after switching back to untagged.  It appears to only be whether its tagged or not.  Thats why I was hoping someone could help identify what would cause this. 

If telnet port 80 didn't work I'd be able to at least see it was certain ports or destinations but telnet works just web browsers. 

Hence the question.  What does a web browser do differently than telnet?

New Member

web browser not working, ping/telnet works

Hi,

I just had the same issue after an ISP change. From one of the vlan, telnet was working on port 80 but users were not able to browse the Internet. I added "ip tcp adjust-mss 1346" on that vlan and it has fixed the issue and browsing is now working. You need to confirm the MTU your ISP is using first and but the correct value on your side.

12186
Views
0
Helpful
20
Replies