Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
6146
Views
20
Helpful
6
Replies

SDWAN transport interface with sub interface

Go to solution
Harish Balakrishnan
Spotlight
Spotlight

‎07-29-2019 07:33 AM

Hello Experts,

 

Has anyone experienced a problem with ISR 4K when the transport interface is a sub interface ?.. I have my transport interface to be configured as sub interface and I understand that I have to reduce the MTU by 4 byte. When I do the initial configuration, I set the tunnel and set the physical interface under the tunnel but it does not allow me to commit and giving me an error saying the interface mtu has to be reduced under vpn 0, but at that stage there is no vpn 0 configuration in the command line .. Has someone come across the same ?

 

Thanks in advance

Harish

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Harish Balakrishnan
Spotlight
Spotlight
In response to daniel.dib

‎08-22-2019 11:37 PM

Thanks Daniel

 

The issue turned out to be a missing encapsulation (vlan tag)  on the sub interface which is not required on the vpn 0 as per the documentation as it inherits from sub interface number, but  that was not the case in the ISR

 

So in  nutshell, if the sub interface has an mtu value  4 byte less  than the physical  and an encapsulation should be good.

 

thanks

Harish

View solution in original post

0 Helpful
6 Replies 6

Go to solution
Srikanth Reddy Navuluri
Level 1
Level 1

‎08-02-2019 05:26 AM

Increase the MTU on parent interface and check once.

 

 

Go to solution
HashamM
Cisco Employee
Cisco Employee

‎08-02-2019 06:41 AM

use 'ip mtu <mtu>' command on ISR to set the MTU.

Go to solution
daniel.dib
Level 7
Level 7

‎08-22-2019 10:49 PM

When using subinterfaces, the physical interface must be configured in VPN 0. The subinterfaces can then be configured in the service VPNs. I normally set the physical interface to be MTU 1504 bytes so that the subinterfaces can use 1500 bytes.

Daniel Dib
CCIE #37149
CCDE #20160011

Please rate helpful posts.

Go to solution
Harish Balakrishnan
Spotlight
Spotlight
In response to daniel.dib

‎08-22-2019 11:37 PM

Thanks Daniel

 

The issue turned out to be a missing encapsulation (vlan tag)  on the sub interface which is not required on the vpn 0 as per the documentation as it inherits from sub interface number, but  that was not the case in the ISR

 

So in  nutshell, if the sub interface has an mtu value  4 byte less  than the physical  and an encapsulation should be good.

 

thanks

Harish

0 Helpful

Go to solution
mahesh11288
Level 1
Level 1
In response to daniel.dib

‎10-13-2020 01:52 AM

Hi Daniel, Is there any specific reason, to configure physical interface in VPN0 & sub interface in service VPN only?

Why cant the physical interface also be an part of service VPN? I didn't understood logic here.

0 Helpful

Go to solution
wsacharo
Cisco Employee
Cisco Employee
In response to mahesh11288

‎11-02-2022 03:40 PM

Greetings, you place the major interface in VPN 0 since in the older code it had to go somewhere. It does not have an IP address on it in this VPN, it just lives there as a holding spot. Then you can place 1 or more sub interfaces into the desired service side VPNs. In more current code this is no longer an issue and you do not have to place the major interface in VPN 0. 

 

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents