Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4826
Views
7
Helpful
6
Replies

ip tcp adjust-mss - Main AND sub interface?

estein
Level 1
Level 1

‎11-16-2010 09:56 AM - edited ‎03-04-2019 10:29 AM

I know that I need to configure the ip tcp adjust-mss command on one of my router's sub interfaces.  It appears that I can ONLY configure it on this particular sub interface if I want, without also configuring it on the main interface.  My question is... do I need to define it on the main interface as well, or is the sub interface config sufficient?  I can't find any documentation to help me answer this.  Thanks!!

interface GigabitEthernet0/0

description LAN int

no ip address

ip tcp adjust-mss 1320  <<< Do I need this??

duplex auto

speed auto

no cdp enable

!

interface GigabitEthernet0/0.1

description Dot1Q interface for SafeNet

encapsulation dot1Q 1 native

ip address y.y.y.y 255.255.255.0

ip tcp adjust-mss 1320  <<< Where I know I need it configured.

no cdp enable

!

interface GigabitEthernet0/0.2

description Dot1Q interface for Acc Subnet

encapsulation dot1Q 171

ip address x.x.x.x 255.255.255.248

no cdp enable

Labels:
0 Helpful
6 Replies 6

Richard Burts
Hall of Fame
Hall of Fame

‎11-16-2010 10:47 AM

While it would not hurt to have the command on the main interface you do not need to have it on the main interface. It is sufficient to have it on only the subinterface (as long as that subinterface is the only traffic for which you need to control the tcp mss).

Since  there is no IP address on the physical interface and since the native  VLAN is configured as the subinterface, there will be no packets  received on the main interface and this is the reason why you do not  need the command on the main interface.

HTH

Rick

HTH

Rick

iantolko974
Level 1
Level 1
In response to Richard Burts

‎11-19-2010 04:27 AM

Hi I just run into this tread as I am also trying to resolve some mss issues.

I also have configured subinterfaces for different leased lines and have VPN on each.

Now I have to adjust mss on one of the subinterfaces to 1360. Altough command is accepted it looks like the roter does nothing regarding mss during inicial handshake. In one of the cisco documents that this command was enhanced to be configurable on subinterface since 12.2(28). I am running 12.4.(20) so that shouldn't be a problem.

Oh, yes and mss is succesfuly adjusted on the other end - partners router.

Do I have to confure mms on main interface also or am I missing something?

Here is the configuration:

interface FastEthernet0/0
description TTT
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
duplex full
speed 100
no mop enabled
!
interface FastEthernet0/0.1
description RRR
encapsulation dot1Q 681
ip address 192.168.68.1 255.255.255.252
ip access-group RRR in
no cdp enable
crypto map VPN-RRR
!
interface FastEthernet0/0.2
description ZZZ
encapsulation dot1Q 684
ip address 192.168.68.5 255.255.255.252
ip access-group ZZZ in
ip tcp adjust-mss 1360 << set on subinterface only
no cdp enable
crypto map VPN-ZZZ

Packet capture shows that mss was not changed: (partner initiates communication and has corrct mss)

No.     Time                       Source                Destination           Protocol Info
    125 2010-11-19 12:42:04.425515 192.168.65.164        192.168.63.85         TCP      1025 > 9707 [SYN] Seq=1733670344 Len=0 MSS=1360

No.     Time                       Source                Destination           Protocol Info
    126 2010-11-19 12:42:04.427071 192.168.63.85         192.168.65.164        TCP      9707 > 1025 [SYN, ACK] Seq=3774345480 Ack=1733670345 Win=16384 Len=0 MSS=1380

No.     Time                       Source                Destination           Protocol Info

    127 2010-11-19 12:42:04.430382 192.168.65.164        192.168.63.85         TCP      1025 > 9707 [ACK] Seq=1733670345 Ack=3774345481 Win=65535 Len=0

Thank you for any input.

Ivica

0 Helpful

Peter Paluch
Cisco Employee
Cisco Employee
In response to iantolko974

‎11-19-2010 04:59 AM

Ivica,

Where did you capture these TCP segments? The change to the MSS indicated by 192.168.63.85 would be visible only after this segment went through the subinterface using the ip tcp adjust-mss command. If you captured the segment before it traversed the subinterface then the MSS is not supposed to be modified.

Best regards,

Peter

iantolko974
Level 1
Level 1
In response to Peter Paluch

‎11-19-2010 06:06 AM

Offcorse... I captured packet BEFORE subinterface using the ip tcp adjust-mss

The only way to be sure is to capture the packets on the other end of the VPN tunnel.

Thank you Peter

0 Helpful

charles.ponton
Level 1
Level 1
In response to Richard Burts

‎09-03-2024 08:49 AM

I have a scenario where I need to adjust the mss for all subinterfaces. Can I set the mss on the main interface to apply it to the subinterfaces associated with that main interface?

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to charles.ponton

‎09-04-2024 07:48 AM

I am not authoritative on this. I believe that you will need to configure adjust mss on each subinterface. Perhaps someone who is authoritative on this can confirm or deny my answer.

HTH

Rick
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card