Hi everyone,
We are a public school and we have had this problem for a long time now. If I can provide any more details, please let me know.
Following is the topology:
ISP -> Firewall(ip:192.168.2.252) -> Core Layer3 Switch(ip:192.168.2.251)
Core Layer 3 Switch is connected to WLC(ip:192.168.2.8) and 2951 Router(ip:192.168.2.253, serving DCHP server)
We are using Google's DNS(8.8.8.8 and 8.8.4.4) in our network and couple months ago we tried to change the DNS servers to GoGuardian's(Filtering and Monitoring) DNS servers, but that day we have seen couple issues(like YouTube not working) so we had to revert back everything. Ever since we have had this issues even though everything is reverted back.
We can go to YouTube on wired network but not on wireless. We can ping google.com fine on wireless but not YouTube.com.
But can do nslookup for YouTube.com so DNS works fine.
BTW Ping to google.com and YouTube.com on wired network shows "Redirect Network". But remember Youtube.com works on wired. This "Redirect Network" does not happen on pinging on wireless network.
#nslookup on wired network
>nslookup youtube.com Server: 8.8.8.8 Address: 8.8.8.8#53 Non-authoritative answer: Name: youtube.com Address: 172.217.10.78
>ping youtube.com on wired network
PING youtube.com (172.217.10.78): 56 data bytes 64 bytes from 172.217.10.78: icmp_seq=0 ttl=115 time=18.267 ms 36 bytes from 192.168.2.251: Redirect Network(New addr: 192.168.2.252) Vr HL TOS Len ID Flg off TTL Pro cks Src Dst 4 5 00 0054 c6f7 0 0000 40 01 394a 192.168.2.152 172.217.10.78 64 bytes from 172.217.10.78: icmp_seq=1 ttl=115 time=18.607 ms 64 bytes from 172.217.10.78: icmp_seq=2 ttl=115 time=18.594 ms 64 bytes from 172.217.10.78: icmp_seq=3 ttl=115 time=18.532 ms 64 bytes from 172.217.10.78: icmp_seq=4 ttl=115 time=18.181 ms 64 bytes from 172.217.10.78: icmp_seq=5 ttl=115 time=18.726 ms 64 bytes from 172.217.10.78: icmp_seq=6 ttl=115 time=18.606 ms 64 bytes from 172.217.10.78: icmp_seq=7 ttl=115 time=18.201 ms 64 bytes from 172.217.10.78: icmp_seq=8 ttl=115 time=18.387 ms 64 bytes from 172.217.10.78: icmp_seq=9 ttl=115 time=18.608 ms 64 bytes from 172.217.10.78: icmp_seq=10 ttl=115 time=18.639 ms 64 bytes from 172.217.10.78: icmp_seq=11 ttl=115 time=18.536 ms 64 bytes from 172.217.10.78: icmp_seq=12 ttl=115 time=18.399 ms 36 bytes from 192.168.2.251: Redirect Network(New addr: 192.168.2.252) Vr HL TOS Len ID Flg off TTL Pro cks Src Dst 4 5 00 0054 ba68 0 0000 40 01 45d9 192.168.2.152 172.217.10.78 64 bytes from 172.217.10.78: icmp_seq=13 ttl=115 time=18.445 ms 64 bytes from 172.217.10.78: icmp_seq=14 ttl=115 time=18.800 ms 64 bytes from 172.217.10.78: icmp_seq=15 ttl=115 time=18.728 ms
#nslookup on wireless network
$ nslookup youtube.com Server: 8.8.8.8 Address: 8.8.8.8#53 Non-authoritative answer: Name: youtube.com Address: 208.70.74.21
Ping YouTube on wireless network
$ ping youtube.com PING youtube.com (208.70.74.21): 56 data bytes Request timeout for icmp_seq 0 Request timeout for icmp_seq 1 Request timeout for icmp_seq 2 Request timeout for icmp_seq 3 Request timeout for icmp_seq 4 Request timeout for icmp_seq 5
OMG: Just did, whois 172.217.10.78 and got
OrgAbuseHandle: ABUSE5250-ARIN OrgAbuseName: Abuse OrgAbusePhone: +1-650-253-0000 OrgAbuseEmail: network-abuse@google.com OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE5250-ARIN
but did whois 208.70.74.21
OrgAbuseHandle: ABUSE898-ARIN OrgAbuseName: Abuse Department OrgAbusePhone: +1-661-554-0287 OrgAbuseEmail: abuse@multacom.com OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE898-ARIN
This ip is not even show org is Google.
Seriously lost here. Would WLC cache stuff and somehow affect us?
Some of current DHCP configs on our 2951 Router:
! ip dhcp pool WIRED network 192.168.2.0 255.255.255.0 default-router 192.168.2.251 dns-server 8.8.8.8 8.8.4.4 ! ! ip dhcp pool WIFI network 172.16.0.0 255.255.240.0 default-router 172.16.14.251 dns-server 8.8.8.8 8.8.4.4 lease 7 !
Wireshark shows TCP traffic to
172.16.0.14 208.70.74.21 TCP 78 [TCP Retransmission] 53468 → 443 [SYN] Seq=0 Win=65535 Len=0 MSS=1460 WS=64 TSval=110210111 TSecr=0 SACK_PERM=1 TCP Analysis Flag: This frame is a(suspected) retransmission