12-04-2011 04:42 AM - edited 03-04-2019 02:30 PM
Hello. I need some help regarding the MTU size on my 1841 wireless connection.
My router connects to the internet via a adsl connection wich is sed to MTU 1492.
Internet works fine on wired ports. Although when i connect to my wireless SSID
(bridged setup) i manually have to set up the MTU on my OSX machine in order for
my connection to behave properly. When set to automatic i have serious fragmentation issues.
The question is: Is there a way to set the MTU size for my wireless module connections in order
for MTU to be 1492 or lower in order for my mac to get the settings automatically?
I am new to this and i am having a hard time. Below is my configuration.
Thanks.
!
! Last configuration change at 12:46:46 Athens Sat Dec 3 2011 by admin
! NVRAM config last updated at 12:47:49 Athens Sat Dec 3 2011 by admin
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
no logging buffered
enable secret 5 $1$89xj$p33gqt4Pc6UzSLKK0VR8a.
!
no aaa new-model
!
resource policy
!
clock timezone Athens 2
clock summer-time Athens date Mar 30 2003 3:00 Oct 26 2003 4:00
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.2.1
ip dhcp excluded-address 192.168.2.254
ip dhcp excluded-address 192.168.1.1
!
ip dhcp pool cisco
network 192.168.2.0 255.255.255.0
dns-server 192.168.2.254
default-router 192.168.2.254
!
ip dhcp pool ps3
network 192.168.1.0 255.255.255.252
default-router 192.168.1.1
dns-server 192.168.1.1
!
ip dhcp pool wireless
network 192.168.0.0 255.255.255.0
dns-server 192.168.0.254
default-router 192.168.0.254
lease 3
!
!
vpdn enable
!
!
!
!
username admin privilege 15 password 7 15165801542939702B2A
!
!
!
bridge irb
!
!
!
interface FastEthernet0/0
ip address 192.168.2.254 255.255.255.0
ip nat inside
no ip virtual-reassembly
ip tcp adjust-mss 1452
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 192.168.1.1 255.255.255.252
ip nat inside
no ip virtual-reassembly
ip tcp adjust-mss 1452
duplex auto
speed auto
!
interface ATM0/0/0
no ip address
no atm ilmi-keepalive
bundle-enable
dsl operating-mode auto
!
interface ATM0/0/0.1 point-to-point
no ip proxy-arp
no snmp trap link-status
pvc 8/35
pppoe-client dial-pool-number 1
!
!
interface Dot11Radio0/1/0
no ip address
no ip redirects
ip local-proxy-arp
ip virtual-reassembly
!
encryption vlan 1 mode ciphers tkip
!
ssid Osiris-5
vlan 1
max-associations 8
authentication open
authentication key-management wpa
guest-mode
wpa-psk ascii 7 13111F43185D177E3B703B2022720103
!
world-mode dot11d country GR indoor
speed basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
beacon period 200
station-role root
no cdp enable
!
interface Dot11Radio0/1/0.1
encapsulation dot1Q 1 native
no cdp enable
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Dot11Radio0/1/1
no ip address
ip virtual-reassembly
no ip route-cache cef
no ip route-cache
!
encryption vlan 2 mode ciphers tkip
!
ssid Osiris-5
vlan 2
max-associations 8
authentication open
authentication key-management wpa
guest-mode
wpa-psk ascii 7 071B291D5D580A510746181F137A3920
!
world-mode dot11d country GR indoor
speed basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0
antenna gain 0
station-role root
no cdp enable
!
!
interface Dot11Radio0/1/1.1
encapsulation dot1Q 2 native
no ip route-cache
no cdp enable
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Dialer1
description $FW_OUTSIDE$
mtu 1492
ip address negotiated
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
ppp authentication chap pap callin
ppp chap hostname kkouts
ppp chap password 7 000816010B095B5656
ppp pap sent-username kkouts password 7 10420C1E0A45425B55
ppp ipcp dns request
!
interface BVI1
ip address 192.168.0.254 255.255.255.0
ip nat inside
ip virtual-reassembly
!
ip route 0.0.0.0 0.0.0.0 Dialer1
!
!
ip http server
ip http authentication local
no ip http secure-server
ip dns server
ip nat inside source list 1 interface Dialer1 overload
ip nat inside source static udp 192.168.2.4 60000 interface Dialer1 60000
ip nat inside source static tcp 192.168.2.4 60000 interface Dialer1 60000
!
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 1 permit 192.168.2.0 0.0.0.255
dialer-list 1 protocol ip permit
no cdp run
!
!
!
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
!
line con 0
exec-timeout 0 0
password 7 00071A150754
logging synchronous
line aux 0
line vty 0 4
password 7 141341065C07387F2731
login local
!
scheduler allocate 20000 1000
end
Solved! Go to Solution.
12-04-2011 05:14 AM
You may need to use the ip tcp adjust-mss command on int bvi1 as well.
Otherwise, it looks like you have located the root cause (fragmantation) which seems to be hard to fix on a mac.
Some links:
http://www.cisco.com/en/US/tech/tk175/tk15/technologies_tech_note09186a0080093bc7.shtml#pppoemtu
http://www.cisco.com/en/US/tech/tk827/tk369/technologies_white_paper09186a00800d6979.shtml
Hope this helps.
regards,
Leo
12-04-2011 06:47 AM
always "closest to the host which initiates TCP session" so on LAN/BVI interface.
http://www.cisco.com/en/US/partner/docs/ios/12_2t/12_2t4/feature/guide/ft_admss.html
(( sorry for copy&pasting, can not explain it better than Cisco did ))
When a host (usually a PC) initiates a TCP session with a server, it negotiates the IP segment size by using the MSS option field in the TCP SYN packet. The value of the MSS field is determined by the maximum transmission unit (MTU) configuration on the host. The default MSS value for a PC is 1500 bytes.
The PPP over Ethernet (PPPoE) standard supports a MTU of only 1492 bytes. The disparity between the host and PPPoE MTU size can cause the router in between the host and the server to drop 1500-byte packets and terminate TCP sessions over the PPPoE network. Even if the path MTU (which detects the correct MTU across the path) is enabled on the host, sessions may be dropped because system administrators sometimes disable the ICMP error messages that must be relayed from the host in order for path MTU to work.
The ip tcp adjust-mss command helps prevent TCP sessions from being dropped by adjusting the MSS value of the TCP SYN packets.
The ip tcp adjust-mss command is effective only for TCP connections passing through the router.
In most cases, the optimum value for the max-segment-size argument is 1452 bytes. This value plus the 20-byte IP header, the 20-byte TCP header, and the 8-byte PPPoE header add up to a 1500-byte packet that matches the MTU size for the Ethernet link.
If you are configuring the ip mtu command on the same interface as the ip tcp adjust-mss command, it is recommended that you use the following commands and values:
•ip tcp adjust-mss 1452
•ip mtu 1492
BR,
Jacek
12-04-2011 05:14 AM
You may need to use the ip tcp adjust-mss command on int bvi1 as well.
Otherwise, it looks like you have located the root cause (fragmantation) which seems to be hard to fix on a mac.
Some links:
http://www.cisco.com/en/US/tech/tk175/tk15/technologies_tech_note09186a0080093bc7.shtml#pppoemtu
http://www.cisco.com/en/US/tech/tk827/tk369/technologies_white_paper09186a00800d6979.shtml
Hope this helps.
regards,
Leo
12-04-2011 05:38 AM
Thanks for your help. One question i havent found a answer on the web yet. I am kinda new with cisco an struggling :-)
When you issue the ip tcp adjust-mss command do you apply it to the bridge interface or the physical dot11radio ones?
and why ?
12-04-2011 06:47 AM
always "closest to the host which initiates TCP session" so on LAN/BVI interface.
http://www.cisco.com/en/US/partner/docs/ios/12_2t/12_2t4/feature/guide/ft_admss.html
(( sorry for copy&pasting, can not explain it better than Cisco did ))
When a host (usually a PC) initiates a TCP session with a server, it negotiates the IP segment size by using the MSS option field in the TCP SYN packet. The value of the MSS field is determined by the maximum transmission unit (MTU) configuration on the host. The default MSS value for a PC is 1500 bytes.
The PPP over Ethernet (PPPoE) standard supports a MTU of only 1492 bytes. The disparity between the host and PPPoE MTU size can cause the router in between the host and the server to drop 1500-byte packets and terminate TCP sessions over the PPPoE network. Even if the path MTU (which detects the correct MTU across the path) is enabled on the host, sessions may be dropped because system administrators sometimes disable the ICMP error messages that must be relayed from the host in order for path MTU to work.
The ip tcp adjust-mss command helps prevent TCP sessions from being dropped by adjusting the MSS value of the TCP SYN packets.
The ip tcp adjust-mss command is effective only for TCP connections passing through the router.
In most cases, the optimum value for the max-segment-size argument is 1452 bytes. This value plus the 20-byte IP header, the 20-byte TCP header, and the 8-byte PPPoE header add up to a 1500-byte packet that matches the MTU size for the Ethernet link.
If you are configuring the ip mtu command on the same interface as the ip tcp adjust-mss command, it is recommended that you use the following commands and values:
•ip tcp adjust-mss 1452
•ip mtu 1492
BR,
Jacek
12-05-2011 01:30 AM
thanks a lot for your reply. Unfortunately i cannot access the link you provided :-(
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide