[ Risolto ] problema navigazione cisco (SOHO97-K9OY1-M)

[p.demichele]

ciao a tutti,

ho un problema di navigazione su determinati siti ( poste.it - nintendo.it - pop3 della mia azienda e altri siti che in questo momento non mi vengono in mente ) - se testo un altro router ( es. netgear ) i siti vengono visualizzati correttamente.
ho un abbonamento adsl alice 7mbit, di seguito vi espongo la conf:

Codice: Seleziona tutto

Cisco-ca#sh run
Building configuration...
 
Current configuration : 2397 bytes
!
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Cisco-ca
!
boot-start-marker
boot-end-marker
!
enable secret 5 ************
!
username ********* password 0 ********
ip subnet-zero
ip dhcp excluded-address 192.168.200.1 192.168.200.100
!
ip dhcp pool Cisco-dhcp-ca
   network 192.168.200.0 255.255.255.0
   domain-name wr
   default-router 192.168.200.1
   dns-server 212.216.112.112
!
!
ip cef
no ip domain lookup
ip ssh maxstartups 3
ip ssh time-out 60
ip ssh authentication-retries 2
ip ssh version 2
ip ddns update method dyndns
 HTTP
  add http://***********
  remove http://***************
 interval maximum 1 0 0 0
!
no aaa new-model
!
!
!
!
interface Tunnel500
 description tunnel to ***********
 ip address 172.100.100.1 255.255.255.252
 ip mtu 1440
 tunnel source Dialer1
 tunnel destination ***********
 tunnel key 65535
!
interface Ethernet0
 ip address 192.168.200.1 255.255.255.0
 ip nat inside
!
interface ATM0
 no ip address
 no atm ilmi-keepalive
 dsl operating-mode auto
 pvc 8/35
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
interface Dialer1
 ip ddns update hostname ************
 ip ddns update dyndns
 ip address negotiated
 ip mtu 1492
 ip nat outside
 encapsulation ppp
 ip tcp header-compression
 dialer pool 1
 no cdp enable
 ppp pap sent-username aliceadsl password 0 aliceadsl
!
interface Dialer0
 no ip address
 shutdown
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
ip route 10.0.0.0 255.255.255.0 Tunnel500
ip route 192.168.15.0 255.255.255.0 Tunnel500
ip route 192.168.30.0 255.255.255.0 Tunnel500
no ip http server
ip nat inside source list ACL interface Dialer1 overload
!
!
ip access-list extended ACL
 permit ip 192.168.200.0 0.0.0.255 any
dialer-list 1 protocol ip permit
!
control-plane
!
!
line con 0
 logging synchronous
 login local
 no modem enable
 transport preferred all
 transport output ssh
line aux 0
 transport preferred all
 transport output all
line vty 0 4
 password *******
logging synchronous
 login
 transport preferred all
 transport input ssh
 transport output none
!
scheduler max-task-time 5000
end

non vorrei fosse un problema di mtu o perchè sull'atm o sulla dialer sia sprovvisto di qualche conf.
chi è così gentile da darmi uno sguardo e dirmi dove erro?
grazie in anticipo

[lormayna]

Il Netgear e il Cisco usano lo stesso DNS?

[gerdetti]

ciao,

pure io ho un problema di navigazione, di sotto la conf del mio RTR

bb-vil10#show running-config
Building configuration...

Current configuration : 4278 bytes
!
! No configuration change since last restart
!
version 12.4
no service pad
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
!
hostname bb-vil10
!
boot-start-marker
boot-end-marker
!
logging buffered 8192 debugging
enable secret 5 $1$ahHP$oykAySWM38NAJK8I00GLt.
!
no aaa new-model
!
resource policy
!
clock timezone GMT+1 1
clock summer-time GMT+2 recurring
ip subnet-zero
ip cef
ip dhcp excluded-address 10.139.134.225
ip dhcp excluded-address 10.139.134.226
ip dhcp excluded-address 10.139.134.227
ip dhcp excluded-address 10.139.134.228
ip dhcp excluded-address 10.139.134.229
!
!
ip domain name .....
ip name-server 10.139.134.10
!
!
!
username ciscoadm password 7 00031A09035A0512062F59
archive
log config
hidekeys
!
!
controller DSL 0
mode atm
line-term cpe
line-mode 2-wire line-zero
line-rate auto
!
!
bridge irb
bridge mac-address-table limit 300
!
!
interface Tunnel992
description -> ........
ip address 10.200.35.14 255.255.255.252
ip mtu 1388
ip ospf cost 1000
ip ospf 65534 area 0
tunnel source Dialer0
tunnel destination ......
!
interface Tunnel991
description tunnel to dc
ip unnumbered Loopback1
ip mtu 1364
tunnel source Loopback1
tunnel destination 10.200.36.4
!
interface Loopback1
ip address 10.200.34.13 255.255.255.255
!
interface BRI0
no ip address
encapsulation hdlc
shutdown
!
interface ATM0
no ip address
load-interval 30
no atm ilmi-keepalive
!
interface ATM0.835 point-to-point
ip mtu 1388
no snmp trap link-status
pvc 8/35
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface ATM0.935 point-to-point
description bridge: bridge-o-Atm to cagliari
no snmp trap link-status
pvc 9/35
encapsulation aal5snap
!
bridge-group 1
!
interface FastEthernet0
spanning-tree portfast
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
ip address 10.139.134.225 255.255.255.224
ip helper-address 10.139.134.10
ip helper-address 10.139.133.9
ip mtu 1388
ip nat inside
ip virtual-reassembly
ip policy route-map ......
!
interface Dialer0
ip address negotiated
ip mtu 1388
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
no cdp enable
ppp authentication chap pap callin
ppp chap hostname ......
ppp chap password ......
ppp pap sent-username ...... password 7 ......
!
interface BVI1
description backbone: ......
ip address 10.200.35.10 255.255.255.252
no ip redirects
ip mtu 1388
ip ospf cost 100
ip ospf 65534 area 0
!
router ospf 65534
log-adjacency-changes
network 10.139.134.224 0.0.0.31 area 0
network 10.200.34.0 0.0.0.255 area 0
network 10.200.35.0 0.0.0.255 area 0
!
no ip classless
ip route 0.0.0.0 0.0.0.0 Tunnel991 20
ip route 0.0.0.0 0.0.0.0 BVI1 170
ip route 0.0.0.0 0.0.0.0 Dialer0 254
ip route 78.15.211.104 255.255.255.255 Dialer0
ip route 195.130.246.234 255.255.255.255 Dialer0
ip route 213.200.89.112 255.255.255.255 Dialer0
ip route 213.254.210.137 255.255.255.255 Dialer0
ip route 213.254.210.138 255.255.255.255 Dialer0
!
no ip http server
no ip http secure-server
ip nat inside source list 100 interface Dialer0 overload
!
access-list 15 permit 10.139.134.19
access-list 66 deny any
access-list 67 permit 10.139.133.0 0.0.0.255
access-list 67 permit 10.139.134.0 0.0.0.255
access-list 67 permit 10.200.37.0 0.0.0.255
access-list 67 permit 10.200.38.0 0.0.0.255
access-list 67 deny any
access-list 100 permit ip 192.168.0.0 0.0.0.255 any
access-list 100 permit ip 10.139.134.224 0.0.0.31 any
access-list 110 permit ip 10.139.134.224 0.0.0.31 host 10.139.134.10
snmp-server engineID local 0000000902000001425BF5C0
snmp-server community wafer21 RO 67
snmp-server community public RO 66
snmp-server community cable-docsis RO 66
route-map villacidro permit 50
match ip address 110
set interface Tunnel991
!
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
!
line con 0
logging synchronous
login local
no modem enable
line aux 0
line vty 0 4
logging synchronous
login local
!
scheduler max-task-time 5000
ntp clock-period 17175100
ntp server 10.200.36.4 prefer
end

Ho provato a forzare l'mtu su ogni interfaccia ma senza nessuna risoluzione - ma impostandolo localmente su ogni singola macchina tramite drtcp funziona e naviga regolarmente (impostando un mtu a 13881?!?).
Possibile che sia un bug sull'IOS?


bb-vil10#show version
Cisco IOS Software, C870 Software (C870-ADVSECURITYK9-M), Version 12.4(4)T8, RELEASE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2007 by Cisco Systems, Inc.
Compiled Sat 11-Aug-07 03:34 by khuie

ROM: System Bootstrap, Version 12.3(8r)YI4, RELEASE SOFTWARE

bb-vil10 uptime is 3 weeks, 2 days, 7 minutes
System returned to ROM by power-on
System restarted at 09:50:30 GMT+2 Tue Sep 20 2011
System image file is "flash:c870-advsecurityk9-mz.124-4.T8.bin"


This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
[email protected].

Cisco 878 (MPC8272) processor (revision 0x200) with 118784K/12288K bytes of memory.
Processor board ID FCZ115094A0
MPC8272 CPU Rev: Part Number 0xC, Mask Number 0x10
4 FastEthernet interfaces
1 ISDN Basic Rate interface
1 ATM interface
128K bytes of non-volatile configuration memory.
24576K bytes of processor board System flash (Intel Strataflash)

Configuration register is 0x2102

[Manuelix]

Ciao geodeti , scusa, ma probabilmente non ho capito, hai provato ad impostare sotto dialer0 mtu 1492 e sotto vlan 1 mtu pari a 1500 ? Non ho capito se tutto ti funziona impostando 1388 sulle interfacce del router o sulle interfacce delle macchine in lan, presumo sulle postazioni.

--- EDIT---
Precisazione se imposti vlan1 con mtu 1500 sulle postazioni dovrà essere impostato il default.

[p.demichele]

io attualmente ho provato sulla dialer a impostare l'mtu ma non ho avuto alcun risultato -
non so se effettivamente sia un problema di mtu oppure sbaglio io qualcosa nella conf

[Manuelix]

Ciao p.demichele io sarei più per l'ipotesi di lormayna e verificherei il suo suggerimento nel tuo caso.

[p.demichele]

si certo, gli stessi dns:
212.216.112.112

[gerdetti]

Ciao Manuelix,

scusami forse mi sono spiegato male...la mia forse è una supposizione comunque (il fatto che sia un problema di MTU), nel senso che a prescindere della modificata dell'mtu su qualsiasi interfaccia fasteth,Tunnel, dialer o vlan1 il problema sulla navigazione rimane sempre (navigazione a singhiozzo) si risolve semplicemente impostandolo manualmente sulla scheda di ogni singolo PC (tramite le impostazioni del DRTCP), quindi bypassa la configurazione delle interfacce.

[p.demichele]

questa è una soluzione ma non stiamo ( a monte ) risolvendo il problema
se io avessi delle macchine gnu/linux non posso ovviare a questo se non forzando l'mtu nanualmente sulla eth -

la conf è corretta?

[gerdetti]

infatti confermo che si tratta di un arrangiamento ma non la soluzione definitiva

[Manuelix]

Ciao le postazioni sono connesse direttamente al router o c'è uno switch di mezzo? Nel caso ci fosse prova con una postazione connessa direttamente al router con interfaccia impostata in default MTU 1500.
-- EDIT---
Ho notato questo:

Codice: Seleziona tutto

ip route 0.0.0.0 0.0.0.0 Tunnel991 20
ip route 0.0.0.0 0.0.0.0 BVI1 170
ip route 0.0.0.0 0.0.0.0 Dialer0 254

potresti spiegare se è voluto e cosa dovrebbe succedere?
Scusa in anticipo la domanda stupida.

[p.demichele]

ciao a tutti,

ho risolto in questo modo.
ho eliminato dalla dialer

Codice: Seleziona tutto

ip mtu 1492

e aggiunto

Codice: Seleziona tutto

ip tcp adjust-mss 1452