Google Searches Work, But All the Result Links DON’T(BT Broadband)

KB ID 0000740

Problem

I was covering the phone for one of the days over the Christmas period, and a client had rang in with this problem, at first I thought it was simply an EDNS problem like this. However some testing proved DNS was working fine? Then I thought it was an Internet Explorer problem, until Chrome and Firefox did the same. I could go to Google and search for what I wanted,but all the links (and any other URL I tried, with the exception of YouTube strangely), would not work. SMTP/Email worked, as did FTP and everything else I tested? But HTTP and HTTPS would not, with the exception of Google/YouTube.

So I knew the problem was either the router, (a Cisco 1800 with firewall IOS), or the ADSL circuit itself that was causing the problem.

Solution

As BT Business Broadband ADSL circuits don’t usually come with a Cisco Router, I thought if I rang them I’d get the “We didn’t supply or support that router” speech, so I got the client to dig out their supplied (2Wire) router, and asked him to ring BT while I was on-site.

While he was explaining the problem, the Engineer on the other end said, “Unplug the 2Wire and plug the Cisco router back in, I will ring you back…”. This was strange behavior for BT, and I thought we would be the victim of “BT Syndrome“, and sure enough five minutes later is magically fixed itself.

When BT rang back, they explained that this had been imposed on the client, because they were a ‘little late’ paying their bill, (there’s Christmas spirit for you).

Related Articles, References, Credits, or External Links

NA

Cisco ISE – Basic 802.1x With Windows Part Two – Configuring 802.1x Policies

KB ID 0001075 D

Problem

Back in Part One, we joined Cisco ISE to Active Directory, now we we will take the built in ISE policies and change them. This will allow our clients to authenticate, with the correct protocols.

Solution

1. By default ISE will use pretty much any available protocol, we are going to use PEAP, although I’m also going to allow EAPTLS (it’s more secure and if I start rolling out certificates I’ve already got it available). Policy > Policy Elements > Results > Authentication > Allowed Protocols > Add > Give the protocol set a name > Allow EAPTLS and PEAP.

2. Policy > Authentication > There will be three built in, one for MAB and one for 802.1x, and a ‘catch all’ rule at the end. Edit the MAB rule.

3. Click the cross next to ‘Internal Endpoints’.

4. Change the options, (top to bottom) to; Continue, Continue, and Drop.

5. Now edit the Dot1x policy.

6. Set the identity source to the Active Directory you configured in part one. Ensure the options are set (top to bottom) to; Reject, Reject, and drop.

7. Finally change the ‘Allowed Protocol’ to the set you created in step 1. Then click ‘Save’.

Related Articles, References, Credits, or External Links

NA