s**********y
发帖数: 3366 | 1 网络大概是这样的,
WLC+ LAP,2个ssid-->layer2 swithch--> router--> ASA ----> internet.
一个ssid, 可以上互联网,ping, telnet, http, everything.
另外一个,可上,但是只能,ping, tracert, telnet, ftp et al. but not http!!
初步看了一下,不是ASA, 没有任何对http 和 那个ssid 对应的网络的限制。
DNS 也换过,反正不论怎么换,结论全一样。
不用sniffer, 如何trouble-shooting this:) | a***n
发帖数: 262 | 2 Divide and Conquer :-)
Application, wired or wireless?
Try to use IP for http to exclude DNS related issue.
I would configure a static IP on a laptop off the layer 2 switch or router
on that one problematic SSID network, and try http, if success, then not
switch/router/ASA, look at your wireless infrastructure. If unsuccessful,
then look at your wired infrastructure.
Wireless Network might have role based access control. or http redirection
failure?
【在 s**********y 的大作中提到】
: 网络大概是这样的,
: WLC+ LAP,2个ssid-->layer2 swithch--> router--> ASA ----> internet.
: 一个ssid, 可以上互联网,ping, telnet, http, everything.
: 另外一个,可上,但是只能,ping, tracert, telnet, ftp et al. but not http!!
: 初步看了一下,不是ASA, 没有任何对http 和 那个ssid 对应的网络的限制。
: DNS 也换过,反正不论怎么换,结论全一样。
: 不用sniffer, 如何trouble-shooting this:)
| s**********y
发帖数: 3366 | 3 actually, wireless is not an issue now, i hook my laptop to switch, in the
same vlan with wireless, still no www.
same laptop connecting to another vlan works:)
all these pointing to asa.
wow, i did what exactly you said here.
this asa is doing interface pat. so i may just try one by one to find out
which network will be able to connect to outside web :) | a***n
发帖数: 262 | 4 use packet-tracer on your ASA
【在 a***n 的大作中提到】
: Divide and Conquer :-)
: Application, wired or wireless?
: Try to use IP for http to exclude DNS related issue.
: I would configure a static IP on a laptop off the layer 2 switch or router
: on that one problematic SSID network, and try http, if success, then not
: switch/router/ASA, look at your wireless infrastructure. If unsuccessful,
: then look at your wired infrastructure.
: Wireless Network might have role based access control. or http redirection
: failure?
| s**********y
发帖数: 3366 | 5 oh, i heard something called capture, is it same as packet-tracer?
looks like packet-tracer is more straightforward.
thx, | x*********n
发帖数: 28013 | 6 好典型的网络啊,基本上每个客户都是这样的。
DNS server在哪里啊? |
|
