Switching

last person joined: 16 hours ago 

Ask questions and share experiences about EX and QFX portfolios and all switching solutions across your data center, campus, and branch locations.

  • 1.  LAN has access only to google!

    Posted 03-07-2012 19:31
    I am experiencing something bizzare.  I have a situation where from the LAN, devices can only access google.com and do searches on google.  When any of the links are clicked, it doesnt go anywhere.  No other internet site seems to be accessible.  
    The DNS resolves accurately.  ICMP requests to external networks are completed successfully.  Traceroutes to external address show the correct routes out the network.
    If a device in the LAN is hooked up directly to the handoff links, then everything works properly. 
    So, my belief is that:
    1. Routing is working properly.
    2. There are no ACLs or policies upstream from the network that are blocking traffic.
    3. The devices in the LAN are working properly.
    4. DNS is resolving properly.
    Configuration details:

    1.  ISP running HSRP between the two interfaces

    2.  Physical links from ISP coming into an EX4200 swtich running in virtual-chassis mode.

    3.  Links from the EX4200 to untrust port on two SSGs running in NSRP active/passive mode.

    4.  Links from the SSG eth1 interfaces to a pair of EX4200s running in Virtual chassis mode.

      

    HANDOFF 1                HANDOFF 2
         |                                |
    EX4200 (member 0)   EX4200 (member 1) 

         |                                |
    SSG550M PRI-----------SSG550M BAK
          |                               |
    EX4200 (member 0)   EX4200 (member 1) 

     

    Anybody have any ideas?

     



  • 2.  RE: LAN has access only to google!
    Best Answer

    Posted 03-08-2012 04:19

    Have a read, its one possible solution:

     

    http://kb.juniper.net/InfoCenter/index?page=content&id=KB11688&cat=JUNOSES&actp=LIST&smlogin=true

     

    I think on the SSG this is set the same.



  • 3.  RE: LAN has access only to google!

    Posted 03-08-2012 19:11

    I would agree that this sounds like an MTU issue.  You might consider trying to test that using the mturoute utility (downloadable as a command-line executable.

     

    Ron



  • 4.  RE: LAN has access only to google!

    Posted 03-09-2012 07:54

    Changing the mss size on the firewall fixed the issue.  thanks!