Unable to Access Websites due to tcp mss issue

Some days ago a weird issue popped up. One of our client complain about website access issue. From their LAN network some of their user unable to access some websites but all are accessible from other Network. Than we’re checked DNS, Routing, Firewall Filters and related things but didn’t found any mentionable reason. The Interesting subject is; it was not happening for all users. Some users able to browse but some are not. Than we captured the packet and found different segment size generating from different workstation after that we fixed tcp mss on router interface.

Resolution for IOS (Set ip tcp mss on LAN interface):
Router(config)# interface gi0/0/1
Router(config)# ip tcp adjust-mss 1440

Details about Tcp mss :

  1. https://blog.apnic.net/2014/12/15/ip-mtu-and-tcp-mss-missmatch-an-evil-for-network-performance/
  2. https://learningnetwork.cisco.com/thread/40703
  3. http://networking.nitecruzr.net/2007/11/setting-mtu-in-windows-vista.html
Continue Reading

How to Configure SNMP on Cisco IOS Router or Switch?

SNMP protocol helps network administrators to manage, monitor the state of network devices. The network device send some information’s to the NMS server to trace graphics who permit to analyzing the CPU, memory, I/O, Etc. The following case is to enable SNMP client on the Cisco Router is snmp community, followed by the community name and send it trap to specific host.

Step-1: Enable SNMP with the following command:

Router(config)#snmp-server community <community-string> ro
Router(config)#snmp-server community <community-string> rw
Router(config)#snmp-server community public rw

Here community-string is the actual community string. The “ro” means read-only and “rw” for read-write.

Step-2: Use the snmpserver host commandto specify which host or hosts receive SNMP

Router(config)#snmp-server host <ip-address> <version > <community-string>

Here “ip-address” is the IP address of the SNMP management station and “community-string” is the actual community string.

Step-3: Enable the Router to send Simple Network Management Protocol traps or informs (SNMPnotifications), use the snmp-server enable traps global configuration command. After this command is executed, SNMP traps will be sent automatically to the SNMP management station configured in the previous step.

Router(config)#snmp-server enable traps

This command turns on all the varieties of traps. You can also turn on specific traps, by appending them to the above command, one trap variant at time. Some allow for further specificity. For example

Router(config)#snmp-server enable traps frame-relay
Router(config)#snmp-server enable traps envmon temperature
Router(config)#snmp-server enable traps bgp
Router(config)#snmp-server enable traps snmp

Case Summary in point a (Used IOS Version 15.X and SNMP Version 2):

Router(config)#snmp-server community GreenZone rw
Router(config)#snmp-server host  version 2c GreenZone
Router(config)#snmp-server enable traps



Continue Reading