Telnet session to FWSM module disconnects due to MTU size issues in Catalyst 6500 or 7600 series switches.
When the SSH connection is established and a command is entered, the connection dies.
The SSH session stays up if the size of the packets is less than a specified MTU. For example, if you issue the pager 5 command, which lets you choose the number of lines to display before the More prompt appears, the session stays up without issue.
Anything between MTU size 1469 and 1472 times out. Anything less than MTU size 1468 works.
In order to ensure that the maximum TCP segment size does not exceed the value you set and that the maximum is not less than a specified size, use the sysopt connection tcpmss command in global configuration mode.
The default of 1380 bytes allows room for header information so that the total packet size does not exceed 1500 bytes, which is the default MTU for Ethernet. If you set the maximum size to be greater than 1380, packets can become fragmented, dependent upon the MTU size, which is 1500 by default.
sysopt connection tcpmss
To ensure that the maximum TCP segment size does not exceed the value you set and that the maximum is not less than a specified size, use the sysopt connection tcpmss command in global configuration mode. To restore the default setting, use the no form of this command.
sysopt connection tcpmss [ minimum ] bytes
no sysopt connection tcpmss [ minimum ] [ bytes ]
bytes: Sets the maximum TCP segment size in bytes, between 48 and any maximum number. The default value is 1380 bytes. You can disable this feature by setting bytes to 0. For the minimum keyword, the bytes represent the smallest maximum value allowed.
minimum: Overrides the maximum segment size to be no less than bytes, between 48 and 65535 bytes. This feature is disabled by default (set to 0).
The default maximum value is 1380 bytes. The minimum feature is disabled by default (set to 0).
Command Modes
The following table shows the modes in which you can enter the command:
Release | Modification
7.0(1) | This command was introduced.
Usage Guidelines
Both the host and the server can set the maximum segment size when they first establish a connection. If either maximum exceeds the value you set with the sysopt connection tcpmss command, then the ASA overrides the maximum and inserts the value you set. If either maximum is less than the value you set with the sysopt connection tcpmss minimum command, then the ASA overrides the maximum and inserts the “minimum” value you set (the minimum value is actually the smallest maximum allowed). For example, if you set a maximum size of 1200 bytes and a minimum size of 400 bytes, when a host requests a maximum size of 1300 bytes, then the ASA alters the packet to request 1200 bytes (the maximum). If another host requests a maximum value of 300 bytes, then the ASA alters the packet to request 400 bytes (the minimum).
The default of 1380 bytes allows room for header information so that the total packet size does not exceed 1500 bytes, which is the default MTU for Ethernet. See the following calculation:
1380 data + 20 TCP + 20 IP + 24 AH + 24 ESP_CIPHER + 12 ESP_AUTH + 20 IP = 1500 bytes
If the host or server does not request a maximum segment size, the ASA assumes that the RFC 793 default value of 536 bytes is in effect.
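The override rules and the header calculation above, worked through as an added example (not code from Cisco or from the original page). It is a simplified model that rewrites only the TCP option bytes of a SYN; the function names and the sample option blocks are constructed for illustration.

```python
import struct
# Simplified model of the override rules; function names are illustrative.
# Header budget from the calculation above (bytes on top of TCP payload).
OVERHEAD = {"TCP": 20, "IP": 20, "AH": 24, "ESP_CIPHER": 24, "ESP_AUTH": 12, "outer IP": 20}
RFC793_DEFAULT_MSS = 536  # in effect when a SYN carries no MSS option

def find_mss(options: bytes):
    """Return (offset, value) of the MSS option (kind 2, length 4), else None."""
    i = 0
    while i < len(options):
        kind = options[i]
        if kind == 0:                      # End of Option List
            break
        if kind == 1:                      # NOP: one byte, no length field
            i += 1
            continue
        if i + 1 >= len(options):          # truncated option header
            break
        length = options[i + 1]
        if length < 2 or i + length > len(options):
            break                          # malformed length: stop, do not overrun
        if kind == 2 and length == 4:
            return i, struct.unpack_from("!H", options, i + 2)[0]
        i += length
    return None

def clamp_mss(options: bytes, maximum: int = 1380, minimum: int = 0):
    """Apply the maximum/minimum override; a bound of 0 is disabled.
    Returns (rewritten_options, effective_mss)."""
    found = find_mss(options)
    if found is None:
        return options, RFC793_DEFAULT_MSS
    offset, mss = found
    if maximum and mss > maximum:
        mss = maximum
    if minimum and mss < minimum:
        mss = minimum
    patched = bytearray(options)
    struct.pack_into("!H", patched, offset + 2, mss)
    return bytes(patched), mss

def wire_size(mss: int) -> int:
    """Packet size of a full segment once every header in OVERHEAD is added."""
    return mss + sum(OVERHEAD.values())

# Constructed SYN option blocks (not captured traffic).
SYN_1300 = bytes([2, 4]) + struct.pack("!H", 1300) + bytes([1, 3, 3, 7])  # MSS, NOP, WScale
SYN_300 = bytes([1, 1, 2, 4]) + struct.pack("!H", 300)                   # NOP, NOP, MSS
SYN_NONE = bytes([1, 3, 3, 7])                                           # no MSS option
```

With the default of 1380, wire_size returns exactly 1500; with an unclamped 1460 it returns 1580, which exceeds the default Ethernet MTU under the same overhead.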
If you set the maximum size to be greater than 1380, packets might become fragmented, depending on the MTU size (which is 1500 by default). Large numbers of fragments can impact the performance of the ASA when it uses the Frag Guard feature. Setting the minimum size prevents the TCP server from sending many small TCP data packets to the client and impacting the performance of the server and the network.
Note: Although not advised for normal use of this feature, if you encounter the syslog IPFRAG messages 209001 and 209002, you can raise the bytes value.
Examples
The following example sets the maximum size to 1200 and the minimum to 400:
ASA Modification of TCP MSS Option Causes Slight Performance Decrease
By default, the ASA sets the TCP MSS option in the SYN packets to 1380. Therefore, TCP endpoints should not transmit a TCP segment larger than 1380 bytes. This value is lower than the common default value of 1460 bytes and represents a TCP performance drop of around six percent (6%). Performance might improve if you increase the maximum MSS setting on the ASA or disable the MSS adjustment. Before you modify the default command on the ASA, understand the risk of fragmentation if the packet is further encapsulated somewhere in the path. For more information, refer to the sysopt connection tcpmss section of the Cisco ASA 5500 Series Command Reference.