No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Users from VLAN 100 cannot access some websites

Publication Date:  2018-04-16 Views:  129 Downloads:  0
Issue Description

The scenario is as follows: one USG FW as a DHCP server and vlan's: 100 Teachers and vlan 101 for Students. There is an dhcp for vlan 1 which iis mnmgt lan for the devices: FW-AC-Sw's-Ap's(ap take ip addresses by this dhcp). Wireless works fine after updated the firmware to AC6005-V200R007C20SPC300. But When Is connecting  to the second  port GE0/0/1 of AP4051, is received dhcp ip from vlan 1 . There is  a wired profile for the port with mode endpoint and ipv4 learning and untagged vlan 100, couse PC needs to be in teachers vlan and is  tagged vlan 100 on ge0/0/0.  

AP's are connected throughout POE switches.

First on the FW, was made NAT for only 38 IPs from mnmg vlan1. The pc's connected to GE1 port on APs worked fine but now they can't open some web pages that work on other vlan 100 (Teachers) and vlan 101 (Students).

Maybe some changes were made  on the FW, because have test fw and ac and a laptop connected to AC and this doesn't happened. After these changes it doesn't work. Was rolled back configuration on AC. Users from VLAN 100 cannot access some websites 

Solution

The TCP MSS was set to 1450. Since the connection is done via PPOE, the MTU must be set lower. For some reason, when connecting to some webpages, the client and server where negotiating a TCP MSS what was too high. By setting it manually, we managed to fix the problem.

END