01-22-2013 11:21 PM - edited 03-04-2019 06:48 PM
Hi all,
Here's a show log from our router.
Issue is intermittent connection to the internet / inter-office network.
sh log
Syslog logging: enabled (0 messages dropped, 14 messages rate-limited, 23 flushes, 0 overruns, xml disabled, filtering disabled)
No Active Message Discriminator.
No Inactive Message Discriminator.
Console logging: level debugging, 3353 messages logged, xml disabled,
filtering disabled
Monitor logging: level debugging, 0 messages logged, xml disabled,
filtering disabled
Buffer logging: level debugging, 3338 messages logged, xml disabled,
filtering disabled
Exception Logging: size (4096 bytes)
Count and timestamp logging messages: disabled
Persistent logging: disabled
No active filter modules.
Trap logging: level informational, 5057 message lines logged
Logging Source-Interface: VRF Name:
--More--
Log Buffer (16384 bytes):
face Tunnel60, changed state to down
Jan 23 03:41:03.539: %DUAL-5-NBRCHANGE: EIGRP-IPv4 89: Neighbor 10.255.255.94 (Tunnel60) is down: interface down
Jan 23 03:47:23.266: %TUN-4-MTUCONFIGEXCEEDSTRMTU_IPV4: Tunnel8601 IPv4 MTU configured 1438 exceeds tunnel transport MTU 1434
Jan 23 03:57:43.615: %TUN-4-MTUCONFIGEXCEEDSTRMTU_IPV4: Tunnel8601 IPv4 MTU configured 1438 exceeds tunnel transport MTU 1434
Jan 23 04:08:13.092: %TUN-4-MTUCONFIGEXCEEDSTRMTU_IPV4: Tunnel8601 IPv4 MTU configured 1438 exceeds tunnel transport MTU 1434
Jan 23 04:18:42.337: %TUN-4-MTUCONFIGEXCEEDSTRMTU_IPV4: Tunnel8601 IPv4 MTU configured 1438 exceeds tunnel transport MTU 1434
Jan 23 04:34:21.317: %TUN-4-MTUCONFIGEXCEEDSTRMTU_IPV4: Tunnel8601 IPv4 MTU configured 1438 exceeds tunnel transport MTU 1434
Jan 23 04:37:56.050: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel60, changed state to up
Jan 23 04:37:58.962: %DUAL-5-NBRCHANGE: EIGRP-IPv4 89: Neighbor 10.255.255.94 (Tunnel60) is up: new adjacency
Jan 23 04:38:11.107: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel60, changed state to down
Jan 23 04:38:11.107: %DUAL-5-NBRCHANGE: EIGRP-IPv4 89: Neighbor 10.255.255.94 (Tunnel60) is down: interface down
Could please someone advise how to fix this issue?
I tried to set ip mtu 1422 on the tunnel interface but still not resolved.
Regards,
Jenalyn
01-23-2013 12:00 AM
Hi
can u try with MTU of 1400
Thanks
01-23-2013 12:09 AM
set MTU 1400 on both sides
01-23-2013 12:25 AM
Hi mahmoodmkl,
Thank you for your prompt response.
I already tried changing the MTU to 1400 on Tunnel60, i will check if this will work.
But do I really need to configure the mtu size on tunnel interface?
Because most of our sites do not have mtu configured on their tunnels.
Also, when I configue the MTU size on the source router, do I have to configure it as well on the destination router?
Regards,
Jenalyn
01-23-2013 12:27 AM
Hi
yes u can try configuring the mtc under the tunnel interfaces and it should match at both ends.
Thanks
01-23-2013 12:29 AM
Also, when I do "show int tunnel" it says MTU 17874 bytes but if I do "show ip int Tunnel" it says MTU is 1400 bytes.
Could you please advise what's the difference?
Regards,
Jenalyn
01-23-2013 12:48 AM
Hi,
I configured MTU 1400 on both end but still have the same error when I enable term mon.
This error apprear:
Jan 23 08:46:16.084: %TUN-4-MTUCONFIGEXCEEDSTRMTU_IPV4: Tunnel8601 IPv4 MTU configured 1438 exceeds tunnel transport MTU 1434
Please advise.
Regards,
Jenalyn
01-23-2013 02:02 AM
Hi,
It seems so wierd, the tunnel interface keeps on changing back to MTU 1422.
Also, I tried remove the mtu set on the interface and after the same error appear, ip mtu 1422 is set again automatically.
Do you think it is a bug?
Please advise.
Regards,
Jenalyn
01-24-2013 02:20 AM
Hi,
Anyone who could help me on this issue?
Tunnel interface still keeps on giving me an error:
Jan 24 10:07:11.219: %TUN-4-MTUCONFIGEXCEEDSTRMTU_IPV4: Tunnel8601 IPv4 MTU configured 1438 exceeds tunnel transport MTU 1434
Jan 24 10:09:59.328: %TUN-4-MTUCONFIGEXCEEDSTRMTU_IPV4: Tunnel81 IPv4 MTU configured 1438 exceeds tunnel transport MTU 1436
I think, the tunnel automatically sets the mtu size.
Also, here is the output of "show int tunnel". It is obvious that the MTU is too high on both tunnel.
phmnlccent-gw-3#sh int Tunnel8601
Tunnel8601 is up, line protocol is up
Hardware is Tunnel
Description: ipsec vti to cnshaccent-gw-3
Internet address is 10.255.255.109/30
MTU 17874 bytes, BW 100 Kbit/sec, DLY 50000 usec,
reliability 255/255, txload 63/255, rxload 255/255
Encapsulation TUNNEL, loopback not set
Keepalive not set
Tunnel source 116.xxx.xxx.x, destination 116.xxx.xxx.x
Tunnel protocol/transport IPSEC/IP
Tunnel TTL 255
Tunnel transport MTU 1434 bytes
Tunnel transmit bandwidth 8000 (kbps)
Tunnel receive bandwidth 8000 (kbps)
Tunnel protection via IPSec (profile "ipsec-vti")
Last input never, output never, output hang never
Last clearing of "show interface" counters 1d02h
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 2823
Queueing strategy: fifo
Output queue: 0/0 (size/max)
5 minute input rate 272000 bits/sec, 32 packets/sec
5 minute output rate 25000 bits/sec, 24 packets/sec
4428327 packets input, 3070813493 bytes, 0 no buffer
Received 0 broadcasts (20066 IP multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
2279036 packets output, 331538488 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 unknown protocol drops
0 output buffer failures, 0 output buffers swapped out
phmnlccent-gw-3#sh int Tunnel81
Tunnel81 is up, line protocol is up
Hardware is Tunnel
Description: ipsec vti to jpnrtdcmit-gw-1
Internet address is 10.255.255.121/30
MTU 17876 bytes, BW 100 Kbit/sec, DLY 50000 usec,
reliability 255/255, txload 33/255, rxload 255/255
Encapsulation TUNNEL, loopback not set
Keepalive not set
Tunnel source 116.214.104.4, destination 210.196.112.193
Tunnel protocol/transport IPSEC/IP
Tunnel TTL 255
Tunnel transport MTU 1436 bytes
Tunnel transmit bandwidth 8000 (kbps)
Tunnel receive bandwidth 8000 (kbps)
Tunnel protection via IPSec (profile "ipsec-vti")
Last input never, output never, output hang never
Last clearing of "show interface" counters 08:33:40
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 622
Queueing strategy: fifo
Output queue: 0/0 (size/max)
5 minute input rate 105000 bits/sec, 10 packets/sec
5 minute output rate 13000 bits/sec, 10 packets/sec
798722 packets input, 823342175 bytes, 0 no buffer
Received 0 broadcasts (6545 IP multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
644000 packets output, 96761110 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 unknown protocol drops
0 output buffer failures, 0 output buffers swapped out
Could please someone help me fix this issue?
Regards,
Jenalyn
01-24-2013 02:22 AM
Hi
what is the mtu on the physical interface which is sourcing this tunnel
Sent from Cisco Technical Support iPhone App
01-24-2013 06:05 PM
Hi,
MTU on physical interface is the default - 1500.
Regards,
Jenalyn Fobes
01-24-2013 06:22 PM
Hi,
I also noticed that on the "show ip int" output, it has this:
Input features: Virtual Fragment Reassembly, IPSec input classification, Virtual Fragment Reassembly After IPSec Decryption, MCI Check
Output features: IPSec output classification, IPSec: to crypto engine, Post-encryption output features
Is this related? how to change it?
Regards,
Jenalyn
03-11-2013 06:12 AM
Hi Jenna
It is strange that MTU for physical interface is 1500 cause it should something around 18670
"show ip interface tunnel" --> should give MTU for tunnel
"show interface tunnel" ---> should give MTU of physical interface + 14 (as i remember)
May you post O/P of below commands for physical interface
show interface gix/y | i MTU
show ip interface gix/y | i MTU
Thanks
Regards
Sherif Ismail
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide