cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
1013
Views
0
Helpful
4
Replies
nemiath76
Beginner

Cisco 1841 hpwic 802.11 abg MTU size need help

Hello. I need some help regarding the MTU size on my 1841 wireless connection.

My router connects to the internet via a adsl connection wich is sed to MTU 1492.

Internet works fine on wired ports. Although when i connect to my wireless SSID

(bridged setup) i manually have to set up the MTU on my OSX machine in order for

my connection to behave properly. When set to automatic i have serious fragmentation issues.

The question is: Is there a way to set the MTU size for my wireless module connections in order

for MTU to be 1492 or lower in order for my mac to get the settings automatically?

I am new to this and i am having a hard time. Below is my configuration.

Thanks.

!

! Last configuration change at 12:46:46 Athens Sat Dec 3 2011 by admin

! NVRAM config last updated at 12:47:49 Athens Sat Dec 3 2011 by admin

!

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname Router

!

boot-start-marker

boot-end-marker

!

no logging buffered

enable secret 5 $1$89xj$p33gqt4Pc6UzSLKK0VR8a.

!

no aaa new-model

!

resource policy

!

clock timezone Athens 2

clock summer-time Athens date Mar 30 2003 3:00 Oct 26 2003 4:00

ip cef

!

!

no ip dhcp use vrf connected

ip dhcp excluded-address 192.168.2.1

ip dhcp excluded-address 192.168.2.254

ip dhcp excluded-address 192.168.1.1

!

ip dhcp pool cisco

   network 192.168.2.0 255.255.255.0

   dns-server 192.168.2.254

   default-router 192.168.2.254

!

ip dhcp pool ps3

   network 192.168.1.0 255.255.255.252

   default-router 192.168.1.1

   dns-server 192.168.1.1

!

ip dhcp pool wireless

   network 192.168.0.0 255.255.255.0

   dns-server 192.168.0.254

   default-router 192.168.0.254

   lease 3

!

!

vpdn enable

!

!

!

!

username admin privilege 15 password 7 15165801542939702B2A

!

!

!

bridge irb

!

!

!

interface FastEthernet0/0

ip address 192.168.2.254 255.255.255.0

ip nat inside

no ip virtual-reassembly

ip tcp adjust-mss 1452

duplex auto

speed auto

!

interface FastEthernet0/1

ip address 192.168.1.1 255.255.255.252

ip nat inside

no ip virtual-reassembly

ip tcp adjust-mss 1452

duplex auto

speed auto

!

interface ATM0/0/0

no ip address

no atm ilmi-keepalive

bundle-enable

dsl operating-mode auto

!

interface ATM0/0/0.1 point-to-point

no ip proxy-arp

no snmp trap link-status

pvc 8/35

  pppoe-client dial-pool-number 1

!

!

interface Dot11Radio0/1/0

no ip address

no ip redirects

ip local-proxy-arp

ip virtual-reassembly

!

encryption vlan 1 mode ciphers tkip

!

ssid Osiris-5

    vlan 1

    max-associations 8

    authentication open

    authentication key-management wpa

    guest-mode

    wpa-psk ascii 7 13111F43185D177E3B703B2022720103

!

world-mode dot11d country GR indoor

speed basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0

beacon period 200

station-role root

no cdp enable

!

interface Dot11Radio0/1/0.1

encapsulation dot1Q 1 native

no cdp enable

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 spanning-disabled

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

!

interface Dot11Radio0/1/1

no ip address

ip virtual-reassembly

no ip route-cache cef

no ip route-cache

!

encryption vlan 2 mode ciphers tkip

!

ssid Osiris-5

    vlan 2

    max-associations 8

    authentication open

    authentication key-management wpa

    guest-mode

    wpa-psk ascii 7 071B291D5D580A510746181F137A3920

!

world-mode dot11d country GR indoor

speed basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0

antenna gain 0

station-role root

no cdp enable

!

!

interface Dot11Radio0/1/1.1

encapsulation dot1Q 2 native

no ip route-cache

no cdp enable

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 spanning-disabled

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

!

interface Dialer1

description $FW_OUTSIDE$

mtu 1492

ip address negotiated

ip nat outside

ip virtual-reassembly

encapsulation ppp

dialer pool 1

ppp authentication chap pap callin

ppp chap hostname kkouts

ppp chap password 7 000816010B095B5656

ppp pap sent-username kkouts password 7 10420C1E0A45425B55

ppp ipcp dns request

!

interface BVI1

ip address 192.168.0.254 255.255.255.0

ip nat inside

ip virtual-reassembly

!

ip route 0.0.0.0 0.0.0.0 Dialer1

!

!

ip http server

ip http authentication local

no ip http secure-server

ip dns server

ip nat inside source list 1 interface Dialer1 overload

ip nat inside source static udp 192.168.2.4 60000 interface Dialer1 60000

ip nat inside source static tcp 192.168.2.4 60000 interface Dialer1 60000

!

access-list 1 permit 192.168.0.0 0.0.0.255

access-list 1 permit 192.168.1.0 0.0.0.255

access-list 1 permit 192.168.2.0 0.0.0.255

dialer-list 1 protocol ip permit

no cdp run

!

!

!

!

control-plane

!

bridge 1 protocol ieee

bridge 1 route ip

!

line con 0

exec-timeout 0 0

password 7 00071A150754

logging synchronous

line aux 0

line vty 0 4

password 7 141341065C07387F2731

login local

!

scheduler allocate 20000 1000

end

2 ACCEPTED SOLUTIONS

Accepted Solutions
lgijssel
Engager

You may need to use the ip tcp adjust-mss command on int bvi1 as well.

Otherwise, it looks like you have located the root cause (fragmantation) which seems to be hard to fix on a mac.

Some links:

http://www.cisco.com/en/US/tech/tk175/tk15/technologies_tech_note09186a0080093bc7.shtml#pppoemtu

http://www.cisco.com/en/US/tech/tk827/tk369/technologies_white_paper09186a00800d6979.shtml

Hope this helps.

regards,

Leo

View solution in original post

always "closest to the host which initiates TCP session" so on LAN/BVI interface.

http://www.cisco.com/en/US/partner/docs/ios/12_2t/12_2t4/feature/guide/ft_admss.html

(( sorry for copy&pasting, can not explain it better than Cisco did ))

When a host (usually a PC) initiates a TCP session with a server, it negotiates the IP segment size by using the MSS option field in the TCP SYN packet. The value of the MSS field is determined by the maximum transmission unit (MTU) configuration on the host. The default MSS value for a PC is 1500 bytes.

The PPP over Ethernet (PPPoE) standard supports a MTU of only 1492 bytes. The disparity between the host and PPPoE MTU size can cause the router in between the host and the server to drop 1500-byte packets and terminate TCP sessions over the PPPoE network. Even if the path MTU (which detects the correct MTU across the path) is enabled on the host, sessions may be dropped because system administrators sometimes disable the ICMP error messages that must be relayed from the host in order for path MTU to work.

The ip tcp adjust-mss command helps prevent TCP sessions from being dropped by adjusting the MSS value of the TCP SYN packets.

The ip tcp adjust-mss command is effective only for TCP connections passing through the router.

In most cases, the optimum value for the max-segment-size argument is 1452 bytes. This value plus the 20-byte IP header, the 20-byte TCP header, and the 8-byte PPPoE header add up to a 1500-byte packet that matches the MTU size for the Ethernet link.

If you are configuring the ip mtu command on the same interface as the ip tcp adjust-mss command, it is recommended that you use the following commands and values:

ip tcp adjust-mss 1452

ip mtu 1492

BR,

Jacek

View solution in original post

4 REPLIES 4
lgijssel
Engager

You may need to use the ip tcp adjust-mss command on int bvi1 as well.

Otherwise, it looks like you have located the root cause (fragmantation) which seems to be hard to fix on a mac.

Some links:

http://www.cisco.com/en/US/tech/tk175/tk15/technologies_tech_note09186a0080093bc7.shtml#pppoemtu

http://www.cisco.com/en/US/tech/tk827/tk369/technologies_white_paper09186a00800d6979.shtml

Hope this helps.

regards,

Leo

View solution in original post

Thanks for your help. One question i havent found a answer on the web yet. I am kinda new with cisco an struggling :-)

When you issue the ip tcp adjust-mss command do you apply it to the bridge interface or the physical dot11radio ones?

and why ?

always "closest to the host which initiates TCP session" so on LAN/BVI interface.

http://www.cisco.com/en/US/partner/docs/ios/12_2t/12_2t4/feature/guide/ft_admss.html

(( sorry for copy&pasting, can not explain it better than Cisco did ))

When a host (usually a PC) initiates a TCP session with a server, it negotiates the IP segment size by using the MSS option field in the TCP SYN packet. The value of the MSS field is determined by the maximum transmission unit (MTU) configuration on the host. The default MSS value for a PC is 1500 bytes.

The PPP over Ethernet (PPPoE) standard supports a MTU of only 1492 bytes. The disparity between the host and PPPoE MTU size can cause the router in between the host and the server to drop 1500-byte packets and terminate TCP sessions over the PPPoE network. Even if the path MTU (which detects the correct MTU across the path) is enabled on the host, sessions may be dropped because system administrators sometimes disable the ICMP error messages that must be relayed from the host in order for path MTU to work.

The ip tcp adjust-mss command helps prevent TCP sessions from being dropped by adjusting the MSS value of the TCP SYN packets.

The ip tcp adjust-mss command is effective only for TCP connections passing through the router.

In most cases, the optimum value for the max-segment-size argument is 1452 bytes. This value plus the 20-byte IP header, the 20-byte TCP header, and the 8-byte PPPoE header add up to a 1500-byte packet that matches the MTU size for the Ethernet link.

If you are configuring the ip mtu command on the same interface as the ip tcp adjust-mss command, it is recommended that you use the following commands and values:

ip tcp adjust-mss 1452

ip mtu 1492

BR,

Jacek

View solution in original post

thanks a lot for your reply. Unfortunately i cannot access the link you provided :-(