fightingASD
asked on
only a genius will solve this... certain websites won't load if client is ethernet based; wireless clients access same sites fine
Hi all. I have a location that has DSL service connected to a Sonicwall TZ-215 router. The router ties to a ProCurve Gigabit switch which we dangle an HP Elite desktop running Win7 Pro, some POS terminals, and an Aruba controller that manages our 3 Aruba APs.
I'm going to lose consciousness from banging my head on the desk. We can't access sites like www.anthem.com or www.unl.edu from any machine connected via ethernet. On our Thinkpads, if we connect via ethernet, then we have the same issue. However, if we use the WLAN, we access these sites perfectly. All IPV4 settings (served via DHCP) are the same between LAN and WLAN. DNS is obviously not an issue as we can resolve the IPs of the sites fine and if wireless, access them directly in a browser. Another wrinkle is that if we access the mobile sites (e.g. m.unl.edu) from a wired client, we can see the mobile site. We can also see libraries.unl.edu, but not eeando.unl.edu. Any suggestions would be appreciated. Thanks.
I'm going to lose consciousness from banging my head on the desk. We can't access sites like www.anthem.com or www.unl.edu from any machine connected via ethernet. On our Thinkpads, if we connect via ethernet, then we have the same issue. However, if we use the WLAN, we access these sites perfectly. All IPV4 settings (served via DHCP) are the same between LAN and WLAN. DNS is obviously not an issue as we can resolve the IPs of the sites fine and if wireless, access them directly in a browser. Another wrinkle is that if we access the mobile sites (e.g. m.unl.edu) from a wired client, we can see the mobile site. We can also see libraries.unl.edu, but not eeando.unl.edu. Any suggestions would be appreciated. Thanks.
ASKER
Thank you. We will post results soon. Regarding the wireless, we are accessing via an Aruba controller and 3 Aruba APs.
I'm not familiar with the Aruba controller, but I'm betting that the key to this is how they connect differently from the wired connection. The test results will help identify that.
If set up right, you probably have wireless on a VPN and that VPN bypasses any Router ACLs for blocking certain web site IP addresses.
So, I would look at the router ACLs and compare them to the IP addresses of the router/firewall to see if any are blocked. One VPN may be blocked while the other is not.
This is a networking problem and should involve your network engineers.
Also, check the computer's host based firewall settings. You can easily do this by temporarily disabling Windows Firewall. Host based firewall settings are unique per connection these days.
So, I would look at the router ACLs and compare them to the IP addresses of the router/firewall to see if any are blocked. One VPN may be blocked while the other is not.
This is a networking problem and should involve your network engineers.
Also, check the computer's host based firewall settings. You can easily do this by temporarily disabling Windows Firewall. Host based firewall settings are unique per connection these days.
"www.unl.edu from any machine connected via ethernet"
"use the WLAN, we access these sites perfectly. "
"if we access the mobile sites (e.g. m.unl.edu) from a wired client, we can see the mobile site."
Please clarify:
When you say ethernet, do you mean Sonicwall TZ-215 router or ProCurve Gigabit?
Let me see if I understand this correctly, you can access both www.unl.edu and m.unl.edu with wireless, but only m.unl.edu with wired and not www.unl.edu, correct?
how's running DHCP server?
"use the WLAN, we access these sites perfectly. "
"if we access the mobile sites (e.g. m.unl.edu) from a wired client, we can see the mobile site."
Please clarify:
When you say ethernet, do you mean Sonicwall TZ-215 router or ProCurve Gigabit?
Let me see if I understand this correctly, you can access both www.unl.edu and m.unl.edu with wireless, but only m.unl.edu with wired and not www.unl.edu, correct?
how's running DHCP server?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Users\Ayerco32>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : Ayerco32
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
Ethernet adapter Local Area Connection 3:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : ASIX AX88772 USB2.0 to Fast Ethernet Adap
ter #2
Physical Address. . . . . . . . . : 00-50-B6-0B-56-F5
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::81d0:2fca:3c35:ab9b% 17(Preferr ed)
IPv4 Address. . . . . . . . . . . : 192.168.20.5(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 436228278
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-17-06-6C-69-E8 -39-35-48- BD-6D
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled
Ethernet adapter Local Area Connection 2:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : ASIX AX88772 USB2.0 to Fast Ethernet Adap
ter
Physical Address. . . . . . . . . : 00-50-B6-0B-66-7A
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::50f1:7e54:64c:b76e%1 6(Preferre d)
IPv4 Address. . . . . . . . . . . : 10.5.60.15(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.192
Default Gateway . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 369119414
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-17-06-6C-69-E8 -39-35-48- BD-6D
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) 82579LM Gigabit Network Connecti
on
Physical Address. . . . . . . . . : E8-39-35-48-BD-6D
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.32.5(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.32.168
DNS Servers . . . . . . . . . . . : 10.0.3.200
8.8.8.8
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter isatap.{51D30FD4-82DC-44C9 -AE19-0C13 CAF33208}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 9:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 12:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Teredo Tunneling Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:10f9:2a9b :3f57:dffa (Pref
erred)
Link-local IPv6 Address . . . . . : fe80::10f9:2a9b:3f57:dffa% 12(Preferr ed)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Tunnel adapter isatap.{CAE41092-7BA0-476D -B876-C5CC 0451CBF4}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.{0A427D59-BF44-4F44 -8BCF-A273 5DD4F5DF}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
C:\Users\Ayerco32>nslookup 4.2.2.2
Server: ayersmo.ayers.local
Address: 10.0.3.200
Name: b.resolvers.Level3.net
Address: 4.2.2.2
C:\Users\Ayerco32>nslookup google.com
Server: ayersmo.ayers.local
Address: 10.0.3.200
Name: google.com
Addresses: 2607:f8b0:4009:802::1009
74.125.225.96
74.125.225.97
74.125.225.98
74.125.225.110
74.125.225.101
74.125.225.104
74.125.225.100
74.125.225.105
74.125.225.99
74.125.225.103
74.125.225.102
C:\Users\Ayerco32>nslookup www.anthem.com
Server: ayersmo.ayers.local
Address: 10.0.3.200
Non-authoritative answer:
Name: www.anthem.com
Address: 162.95.221.41
C:\Users\Ayerco32>tracert www.anthem.com
Tracing route to www.anthem.com [162.95.221.41]
over a maximum of 30 hops:
1 13 ms 13 ms 13 ms rb2-bras.wnvl.centurytel.n et [69.29.187.15]
2 12 ms 12 ms 12 ms 173-248-69-61.centurylink. net [173.248.69.61]
3 14 ms 14 ms 13 ms bb-mrghmoqa-jx9-02-ae5-0.c ore.centur ytel.net [20
8.110.249.230]
4 13 ms 13 ms 13 ms bb-mrghmoqa-jx9-01-ae0.cor e.centuryt el.net [206.
51.69.1]
5 14 ms 13 ms 14 ms bb-mrghmoqa-jx9-02-ae0.cor e.centuryt el.net [206.
51.69.2]
6 21 ms 21 ms 21 ms bb-chcgilwu-jx9-02-ae8-0.c ore.centur ylink.net [2
04.9.121.190]
7 31 ms 21 ms 20 ms cer-edge-17.inet.qwest.net [65.113.255.241]
8 21 ms 21 ms 44 ms chp-brdr-03.inet.qwest.net [67.14.8.194]
9 21 ms 21 ms 21 ms 63.146.26.218
10 52 ms 55 ms 55 ms cr1.cgcil.ip.att.net [12.122.84.54]
11 55 ms 55 ms 55 ms cr2.wswdc.ip.att.net [12.122.18.22]
12 52 ms 56 ms 55 ms cr1.wswdc.ip.att.net [12.122.2.33]
13 54 ms 55 ms 55 ms cr81.rcmva.ip.att.net [12.122.113.18]
14 51 ms 51 ms 50 ms gar1.rcmva.ip.att.net [12.122.113.33]
15 51 ms 51 ms 51 ms 12.90.182.234
16 * * * Request timed out.
17 * * * Request timed out.
18 * * * Request timed out.
19 * * * Request timed out.
20 * * * Request timed out.
21 * * * Request timed out.
22 * * * Request timed out.
23 * * * Request timed out.
24 * * * Request timed out.
25 * * * Request timed out.
26 * * * Request timed out.
27 * * * Request timed out.
28 * * * Request timed out.
29 * * * Request timed out.
30 * * * Request timed out.
Trace complete.
____
Firewall on local machine seems to have no effect.
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Users\Ayerco32>ipconfig
Windows IP Configuration
Host Name . . . . . . . . . . . . : Ayerco32
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
Ethernet adapter Local Area Connection 3:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : ASIX AX88772 USB2.0 to Fast Ethernet Adap
ter #2
Physical Address. . . . . . . . . : 00-50-B6-0B-56-F5
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::81d0:2fca:3c35:ab9b%
IPv4 Address. . . . . . . . . . . : 192.168.20.5(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 436228278
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-17-06-6C-69-E8
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled
Ethernet adapter Local Area Connection 2:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : ASIX AX88772 USB2.0 to Fast Ethernet Adap
ter
Physical Address. . . . . . . . . : 00-50-B6-0B-66-7A
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::50f1:7e54:64c:b76e%1
IPv4 Address. . . . . . . . . . . : 10.5.60.15(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.192
Default Gateway . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 369119414
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-17-06-6C-69-E8
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) 82579LM Gigabit Network Connecti
on
Physical Address. . . . . . . . . : E8-39-35-48-BD-6D
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.32.5(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.32.168
DNS Servers . . . . . . . . . . . : 10.0.3.200
8.8.8.8
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter isatap.{51D30FD4-82DC-44C9
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 9:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 12:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Teredo Tunneling Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:10f9:2a9b
erred)
Link-local IPv6 Address . . . . . : fe80::10f9:2a9b:3f57:dffa%
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Tunnel adapter isatap.{CAE41092-7BA0-476D
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.{0A427D59-BF44-4F44
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
C:\Users\Ayerco32>nslookup
Server: ayersmo.ayers.local
Address: 10.0.3.200
Name: b.resolvers.Level3.net
Address: 4.2.2.2
C:\Users\Ayerco32>nslookup
Server: ayersmo.ayers.local
Address: 10.0.3.200
Name: google.com
Addresses: 2607:f8b0:4009:802::1009
74.125.225.96
74.125.225.97
74.125.225.98
74.125.225.110
74.125.225.101
74.125.225.104
74.125.225.100
74.125.225.105
74.125.225.99
74.125.225.103
74.125.225.102
C:\Users\Ayerco32>nslookup
Server: ayersmo.ayers.local
Address: 10.0.3.200
Non-authoritative answer:
Name: www.anthem.com
Address: 162.95.221.41
C:\Users\Ayerco32>tracert www.anthem.com
Tracing route to www.anthem.com [162.95.221.41]
over a maximum of 30 hops:
1 13 ms 13 ms 13 ms rb2-bras.wnvl.centurytel.n
2 12 ms 12 ms 12 ms 173-248-69-61.centurylink.
3 14 ms 14 ms 13 ms bb-mrghmoqa-jx9-02-ae5-0.c
8.110.249.230]
4 13 ms 13 ms 13 ms bb-mrghmoqa-jx9-01-ae0.cor
51.69.1]
5 14 ms 13 ms 14 ms bb-mrghmoqa-jx9-02-ae0.cor
51.69.2]
6 21 ms 21 ms 21 ms bb-chcgilwu-jx9-02-ae8-0.c
04.9.121.190]
7 31 ms 21 ms 20 ms cer-edge-17.inet.qwest.net
8 21 ms 21 ms 44 ms chp-brdr-03.inet.qwest.net
9 21 ms 21 ms 21 ms 63.146.26.218
10 52 ms 55 ms 55 ms cr1.cgcil.ip.att.net [12.122.84.54]
11 55 ms 55 ms 55 ms cr2.wswdc.ip.att.net [12.122.18.22]
12 52 ms 56 ms 55 ms cr1.wswdc.ip.att.net [12.122.2.33]
13 54 ms 55 ms 55 ms cr81.rcmva.ip.att.net [12.122.113.18]
14 51 ms 51 ms 50 ms gar1.rcmva.ip.att.net [12.122.113.33]
15 51 ms 51 ms 51 ms 12.90.182.234
16 * * * Request timed out.
17 * * * Request timed out.
18 * * * Request timed out.
19 * * * Request timed out.
20 * * * Request timed out.
21 * * * Request timed out.
22 * * * Request timed out.
23 * * * Request timed out.
24 * * * Request timed out.
25 * * * Request timed out.
26 * * * Request timed out.
27 * * * Request timed out.
28 * * * Request timed out.
29 * * * Request timed out.
30 * * * Request timed out.
Trace complete.
____
Firewall on local machine seems to have no effect.
You have all KINDS of problems with the above IPconfiguration, so please explain??
You have three nics. This is called multihoming a computer. Unless configured exact, you screw your ARP table, and also confuse the computer on how to route packets.
You have outside DNS servers for DNS resolution. All client PCs should point to interal DNS servers, The only place external DNS Servers, like (8.8.8.8), should exist is within forwarders or root hints. Since root hint servers come pre-configured, the ONLY PLACE an outside server should be manually configured is within forwarders.
BOTH, multihoming a machine and improperly configured DNS would cause this issue.
You have three nics. This is called multihoming a computer. Unless configured exact, you screw your ARP table, and also confuse the computer on how to route packets.
You have outside DNS servers for DNS resolution. All client PCs should point to interal DNS servers, The only place external DNS Servers, like (8.8.8.8), should exist is within forwarders or root hints. Since root hint servers come pre-configured, the ONLY PLACE an outside server should be manually configured is within forwarders.
BOTH, multihoming a machine and improperly configured DNS would cause this issue.
That's a fairly advanced setup... :)
I still opt for the MTU problem on the DSL, though.
Tamas
I still opt for the MTU problem on the DSL, though.
Tamas
ASKER
Tamas, you were spot on. It was set at 1500. 1492 solved the problem.
Thanks Tamas. You're a genius.
Thanks Tamas. You're a genius.
I would suggest trying the following on a computer with wireless (that works correctly) and the same computer connected by wired ethernet only:
start
run
cmd
ipconfig /all
nslookup 4.2.2.2
nslookup google.com
nslookup www.anthem.com
tracert www.anthem.com
If you could post the output of those commands it would be very helpful.