01-20-2025 04:03 AM
Hello All:
The telco at our site has a fiber NTU/router and we are connecting the ISR4431 gig0/0/0 to this device.
When we use a laptop and statically assign the IP address, the laptop works fine and can ping, with its "don't fragment" option set to a byte load of 1472. This is expaected.
When I plug this cable into the ISR4431 gig 0/0/0, set the IP address and ping the GW with the df-bit set, I get this:
CCrouter#ping 103.205.244.105 df-bit size 500 repeat 10
Type escape sequence to abort.
Sending 10, 500-byte ICMP Echos to 103.205.244.105, timeout is 2 seconds:
Packet sent with the DF bit set
!!!.!!!.!!
Success rate is 80 percent (8/10), round-trip min/avg/max = 1/1/1 ms
What is it wanting to fragment? When the laptop is there its fine to 1472 bytes but the ISR4431 starts fragmenting at 500 bytes?
CCrouter#ping 103.205.244.105 df-bit size 400 repeat 10
Type escape sequence to abort.
Sending 10, 400-byte ICMP Echos to 103.205.244.105, timeout is 2 seconds:
Packet sent with the DF bit set
!!!!.!!!!.
Success rate is 80 percent (8/10), round-trip min/avg/max = 1/1/1 ms
And 400 bytes?
CCrouter#ping 103.205.244.105 df-bit size 300 repeat 10
Type escape sequence to abort.
Sending 10, 300-byte ICMP Echos to 103.205.244.105, timeout is 2 seconds:
Packet sent with the DF bit set
!!!!!!.!!!
Success rate is 90 percent (9/10), round-trip min/avg/max = 1/1/1 ms
And 300 bytes?
CCrouter#ping 103.205.244.105 df-bit size 200 repeat 10
Type escape sequence to abort.
Sending 10, 200-byte ICMP Echos to 103.205.244.105, timeout is 2 seconds:
Packet sent with the DF bit set
!!!!!!!!!.
Success rate is 90 percent (9/10), round-trip min/avg/max = 1/1/1 ms
Even at 200 bytes it loses one.
Here are the interface's parameters:
interface GigabitEthernet0/0/0
description Internet Link
ip address A.B.C.D 255.255.255.248
no ip redirects
no ip proxy-arp
ip nat outside
ip access-group FilteredList in
speed 1000
no negotiation auto
crypto map soimainmap
service-policy input protection
ip virtual-reassembly
end
I originally had it set to "neg auto" but tried manually setting to speed and duplex to see if it changed anything....but it didn't.
I'm scratching my head here. Why does the Cisco want to fragment at such low packet sizes but the laptop does not?
Cheers,
john
Solved! Go to Solution.
01-20-2025 04:10 AM
Service-policy <<- check this under interface I think it limit data rate
MHM
01-20-2025 04:10 AM
Service-policy <<- check this under interface I think it limit data rate
MHM
01-20-2025 04:18 AM
Yup! That was it!.
Thank you so much.
Cheers,
John
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide