10-23-2010 05:13 AM - edited 03-11-2019 11:59 AM
Good afternoon to everybody!
I have this scenario: Cisco877----------ASA5505---------LAN 192.168.2.0/24
I have configured my Cisco 877 in bridge mode. So my ASA5505 will have the public IP address on its outside ethernet interface.
Everything is working well.
But I have a question... Should I change the MTU for the outside ASAs ethernet interface? Now is set to MTU 1500.
For the "inside" is set to MTU 1500.
I have made a "show interfaces" at Cisco877:
Router#show interfaces
ATM0 is up, line protocol is up
Hardware is MPC ATMSAR (with Alcatel ADSL Module)
MTU 4470 bytes, sub MTU 4470, BW 734 Kbit/sec, DLY 500 usec,
reliability 255/255, txload 22/255, rxload 77/255
Encapsulation ATM, loopback not set
Encapsulation(s): AAL5 AAL2, PVC mode
10 maximum active VCs, 1024 VCs per VP, 1 current VCCs
VC Auto Creation Disabled.
VC idle disconnect time: 300 seconds
Last input 00:00:00, output 00:00:00, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 362
Queueing strategy: Per VC Queueing
5 minute input rate 220000 bits/sec, 27 packets/sec
5 minute output rate 64000 bits/sec, 28 packets/sec
1669800 packets input, 1343751740 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 9 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
1636733 packets output, 603190202 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
0 unknown protocol drops
0 output buffer failures, 0 output buffers swapped out
FastEthernet0 is up, line protocol is up
Hardware is Fast Ethernet, address is
MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 100Mb/s
ARP type: ARPA, ARP Timeout 04:00:00
Last input never, output never, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 63000 bits/sec, 28 packets/sec
5 minute output rate 215000 bits/sec, 28 packets/sec
1621255 packets input, 586565449 bytes, 0 no buffer
Received 37 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 input packets with dribble condition detected
1689219 packets output, 1328478895 bytes, 0 underruns
0 output errors, 0 collisions, 2 interface resets
0 unknown protocol drops
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out
FastEthernet1 is up, line protocol is down
Hardware is Fast Ethernet, address is
MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Auto-duplex, Auto-speed
ARP type: ARPA, ARP Timeout 04:00:00
Last input never, output never, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 input packets with dribble condition detected
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 collisions, 2 interface resets
0 unknown protocol drops
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out
FastEthernet2 is up, line protocol is down
Hardware is Fast Ethernet, address is
MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Auto-duplex, Auto-speed
ARP type: ARPA, ARP Timeout 04:00:00
Last input never, output never, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 input packets with dribble condition detected
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 collisions, 2 interface resets
0 unknown protocol drops
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out
FastEthernet3 is up, line protocol is down
Hardware is Fast Ethernet, address is
MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Auto-duplex, Auto-speed
ARP type: ARPA, ARP Timeout 04:00:00
Last input never, output never, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 input packets with dribble condition detected
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 collisions, 2 interface resets
0 unknown protocol drops
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out
Vlan1 is up, line protocol is up
Hardware is EtherSVI, address is
MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:00, output never, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 75000 bits/sec, 29 packets/sec
5 minute output rate 199000 bits/sec, 28 packets/sec
1621764 packets input, 580695069 bytes, 0 no buffer
Received 1600 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
1689302 packets output, 1321560584 bytes, 0 underruns
0 output errors, 1 interface resets
0 unknown protocol drops
0 output buffer failures, 0 output buffers swapped out
Router#
10-23-2010 05:26 AM
hi ,
its my personal feeling, unless you are experiencing some issues and slow traffic, we should be ok with mtu of 1500 on the ASA
10-23-2010 05:43 AM
Hi,
For now it is doing well.
It is just that I have read a lot of stuff from people saying that changing this parameter it is posible to surf the web faster. Because of no defragmentation of packets.
Let´s see what happens.
Thanks!
Sebastián Yáñez
10-23-2010 05:55 AM
Hi Sebastian,
It is true that using a a lower MTU does help in certain scenarios.
But an MTU of 1500 is is used in most cases unless we have a VPN or some other service that encapsulates the packet (adds headers to the packet) increasing the packet size.
Anyway, try with a lower MTU if you are intersted and let me know your experience
Cheers,
Nash.
10-23-2010 08:37 AM
it depends on a lot of diffrent factors
but having said that, i have not seen many playing around with mtu unless there is an issue
if you want you can change mtu to 1400 which should be safe for most applications
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide