cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Choose one of the topics below for SD-WAN Resources to help you on your journey with SD-WAN

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC!
We will not comment or assist with your TAC case in these forums.

1356
Views
20
Helpful
5
Replies
Highlighted

SDWAN transport interface with sub interface

Hello Experts,

 

Has anyone experienced a problem with ISR 4K when the transport interface is a sub interface ?.. I have my transport interface to be configured as sub interface and I understand that I have to reduce the MTU by 4 byte. When I do the initial configuration, I set the tunnel and set the physical interface under the tunnel but it does not allow me to commit and giving me an error saying the interface mtu has to be reduced under vpn 0, but at that stage there is no vpn 0 configuration in the command line .. Has someone come across the same ?

 

Thanks in advance

Harish

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted

Thanks Daniel

 

The issue turned out to be a missing encapsulation (vlan tag)  on the sub interface which is not required on the vpn 0 as per the documentation as it inherits from sub interface number, but  that was not the case in the ISR

 

So in  nutshell, if the sub interface has an mtu value  4 byte less  than the physical  and an encapsulation should be good.

 

thanks

Harish

View solution in original post

5 REPLIES 5
Highlighted

Increase the MTU on parent interface and check once.

 

 

Highlighted
Cisco Employee

use 'ip mtu <mtu>' command on ISR to set the MTU.

Highlighted
Rising star

When using subinterfaces, the physical interface must be configured in VPN 0. The subinterfaces can then be configured in the service VPNs. I normally set the physical interface to be MTU 1504 bytes so that the subinterfaces can use 1500 bytes.

Daniel Dib
CCIE #37149
CCDE #20160011

Please rate helpful posts.
Highlighted

Thanks Daniel

 

The issue turned out to be a missing encapsulation (vlan tag)  on the sub interface which is not required on the vpn 0 as per the documentation as it inherits from sub interface number, but  that was not the case in the ISR

 

So in  nutshell, if the sub interface has an mtu value  4 byte less  than the physical  and an encapsulation should be good.

 

thanks

Harish

View solution in original post

Highlighted

Hi Daniel, Is there any specific reason, to configure physical interface in VPN0 & sub interface in service VPN only?

Why cant the physical interface also be an part of service VPN? I didn't understood logic here.