How to modify MT and pachet fragmentation size on Cisco 1800 Routers

      Comments Off on How to modify MT and pachet fragmentation size on Cisco 1800 Routers

cisco_linkAgo 2 days i have a nice problem with the Internet access for some users in the branch office.

Offcourse i used VPN conenction for conencting the Brach-Office with Head-Office. The problems is not appears because i use before this for this remote employees the Cisco VPN Client for acess the Head-office.

Annyiway the problems is with the MTU size and Pachet fragmentation.

Symptoms:

1. Slow network conention to HeadOffice or Internet

2. Cannot access the Internet, you receive the DHCP address (over VPN) but nothing else  not works.

Posible solutions:

1. Change the MTU on all PC (skip this)

2. Change the Router Setting (The elegant solution)

Explanation

1. All Windows base PC -s by defautl have the MTU set to 1500.

2. The probelm with the Cisco router and the VPN packages is with the encapsulation and fragmentation size of the pachets.

3. By default the Cisco VPN Client on instalation change teh default MTU size on all OS to 1300 (its enough for most of encription technologies to transfer teh Data Pachets + Encaptulation packets)

4. The Cisco Routers have the physical INTerface MTU set to 1500 and the problems appears on the fragmentation part.

How to solve the problem:

1. Test the best MTU size, like one local PC with teh following command
[code lang=”bash”]
ping yahoo.com -f -l 1472
[/code]
If not works please decrement the size by example:
[code lang=”bash”]
ping yahoo.com -f -l 1400
[/code]

2. Make teh setting on the Cisco router

Verify the Interfaces settings

[code lang=”bash”]

router# sh interfaces status

Port    Name     Status       Vlan       Duplex Speed Type
Fa0/0/0          notconnect   1            auto    auto 10/100BaseTX
Fa0/0/1          notconnect   1            auto    auto 10/100BaseTX
Fa0/0/2          connected    1          a-full   a-100 10/100BaseTX
Fa0/0/3          connected    1          a-full   a-100 10/100BaseTX
[/code]
Verify for in teh running config the interface VLAN1 config-s (in m case)

[code lang=”bash”]
router#sh running-config
interface Vlan1
description $ES_LAN$$FW_INSIDE$
ip address 192.168.0.1 255.255.255.0
ip access-group 100 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip inspect DEFAULT100 out
ip flow ingress
ip flow egress
ip nat inside
ip virtual-reassembly
ip route-cache flow
[/code]

OK, if you have some same you need to configure the windows size of the packets (like  ip tcp adjust-mss 1400), In this case your router don’t need to trunk the packets at 1472(This is the default for PPOE packets)

[code lang=”bash”]
router# config term
router(config)# interface Vlan 1
router(config-if)# ip tcp adjust-mss 1400
[/code]

If you what to seet the MTU size you can make this after the last command on teh interface configuration options with teh command

[code lang=”bash”]
router(config-if)# ip mtu 1400
[/code]

3. Enjoy the Connection


More infos:

http://en.wikipedia.org/wiki/Maximum_transmission_unit

MTU Tuning for L2TP

TCP MSS Adjustment