Long Loading Time of Web Page via Meraki LAN and WLAN

CarloDC
Here to help

Long Loading Time of Web Page via Meraki LAN and WLAN

We have this issue that has been going on for a couple of months now. We have these two specific URL that takes 2 minutes to load the landing page regardless of which web browser is being used. This only happens when the user is connected to the Meraki LAN and WLAN. Typically these web pages should load within 2 to 3 seconds. We are at a roadblock and don't know what to do

 

There have been a lot of test done to isolate the issue, we tried the following scenarios

  1. MerakiSSID1(Security: RADIUS) + Global Protect VPN - Slow loading when opening the said web pages
  2. MerakiSSID2(Security: password) + Global Protect VPN - Slow loading when opening the said web pages
  3. MerakiSSID3 (Open Security) + Global Protect VPN - Slow loading when opening the said web pages
  4. Local contact’s Hotspot + Global Protect VPN - Fast loading
  5. Office Standalone internet + Global Protect VPN - Fast loading
  6. Work from Home Internet + Global Protect VPN – Fast loading
  7. Tried to directly connect the laptop to Primary ISP bypassing the MX – Fast Loading
  8. Tried to directly connect the laptop to Secondary ISP bypassing the MX – Fast Loading
  9. Tried to connect the laptop directly to the Meraki Access Switch using MerakiSSID1, SSID2, and SSID3 VLAN - Slow loading when opening the said web pages

 

With these results we tried several solutions but has no effect.

  1. Tired Load balancing the circuit at the office
  2. Tried routing all the traffic to Primary circuit
  3. Tried routing all traffic to Secondary circuit
  4. Adjustment of Transmit power of the AP
  5. Tried upgrading the AP to the latest stable firmware
  6. Tried restarting the APs
  7. Tried upgrading the switches to the latest stable firmware
  8. Tried restarting the switches.
  9. Tried removing the content filtering and disabling IPS IDS

 

We are focusing on the in-office Meraki WLAN and LAN first because of the test results but one thing is certain based from the HAR file that we got. A Get Java script operation is preventing the page from loading instantly when connected to the Meraki wireless and wired network. We are still not sure how this relates when colleagues are using the in-office network where in fact the traffic should be traversing the VPN. These resources are only accessible via VPN but there’s something in the Meraki network that is preventing these from loading instantly

 

14 Replies 14
alemabrahao
Kind of a big deal

Do you have any QoS rules? In any case, I advise you to open a support case.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
CarloDC
Here to help

We do not have QoS configured but we do have a default traffic shaping rule in the MX. This same traffic shaping rule is present across hundreds of our sites and they don't experience the same issue

CarloDC
Here to help

By the way, I forgot to mention that we also tried to directly connect a laptop to one of the MX LAN ports and assigned the SSID1, SSID2, SSID3 VLAN to that port to test for different subnets. The web page loaded really fast like just 1 to 2 seconds. So, I we know it's not the MX. 

cmr
Kind of a big deal
Kind of a big deal

@CarloDC to be clear, if you connect a laptop directly to the MX on VLAN x (the one SSID1 uses) then it is fast, but if you connect to a switchport that is set to the VLAN for SSID1 on a switch that is connected to the MX, it is slow?

If my answer solves your problem please click Accept as Solution so others can benefit from it.
cmr
Kind of a big deal
Kind of a big deal

What switches do you have and what firmware are they on?

What is the connection from the switch you tested to the MX?  i.e. 1Gb, CAT6a 3m lead, mgig port on switch.

If my answer solves your problem please click Accept as Solution so others can benefit from it.
CarloDC
Here to help

Our switches for that site are all MS250-24P running firmware MS 17.2.1.1. We used a Cat5 cable. ports are 100M/1Gbps capable

alemabrahao
Kind of a big deal

Have you checked if the ports are negotiating in Giga?

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
Mloraditch
Kind of a big deal

Your troubleshooting has been extremely thorough and documented. I agree with @alemabrahao this is a support case.

The only things I can think of that you haven't done is connect directly to the MX LAN ports and test or try from a different VLAN besides the ones your ssids. That would provide additional isolation info to help support narrow it down.

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.
CarloDC
Here to help

Yes, we opened a Meraki TAC case, and we scheduled a troubleshooting session with them

 

Those are our production VLANs on within the LAN / WLAN.

PhilipDAth
Kind of a big deal
Kind of a big deal

You need to start with isolating WHAT is loading slowly.  Open Chrome developer tools (CTRL+SHIFT+I).  Go to the network tab, and then type in your website.  Look at all the resources it loads, and the waterfall graph.  It will identify what is getting "stuck", and what component of the process is having the issue (TCP connection, DNS, SSL negotiation, etc).

Once you have identified one component, and focus your time on exactly this one area.

 

Common issues are to do with websites loading third-party components.

 

PhilipDAth_0-1750190592372.png

 

PhilipDAth_0-1750190729789.png

CarloDC
Here to help

Hi Phil thanks for the suggestion. We actually did this already it always gets stuck with some get JS operation which is supposed to be fast since these are 0B in size. I could easily check with the site dev what's with the but based on our recent troubleshooting with Meraki TAC the issue is more isolated on the switch level

 

CarloDC_1-1750836026228.png

 

 

CarloDC
Here to help

I checked some of the major differences on each switch because of the inconsistencies that we got from the joint troubleshooting last week. Directly connecting the laptop on AS01-1 resulted to fast loading of the said web pages while the opposite was observed on AS02-2. We also tested with employees connected the wireless network and yielded slow results.  

 

What I discovered was that all switches except AS01 have their uplink towards the primary MX in RSTP blocking state. It is also unusual that AS01 did not have any RSTP blocking port on one of its uplinks.  I am not quite sure if this would have a direct effect on the slowness, but in my experience the uplink that should be in forwarding state is the one connected to the primary MX. I scheduled another troubleshooting with Meraki TAC to confirm.

 

Does anyone had this kind of set up in your enterprise network?



CarloDC_2-1750836556843.png

 

 

alemabrahao
Kind of a big deal

This topology is not recommended. Instead, I would have just one switch connected directly to the MX and distribute the connection from this switch to the others.

Something like this.

 

 

alemabrahao_0-1750845687175.png

 

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
CarloDC
Here to help

Thank you for the recommendation. That makes sense, this particular site in our organization did not follow the standard design where there's a distribution switch connecting to both MXs for those sites with dual MX. Hopefully this is the cause of the issue. 

 

I will let you know guys once we made progress. I have a strong feeling we have finally identified the issue

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
Labels