07-29-2019 07:33 AM
Hello Experts,
Has anyone experienced a problem with ISR 4K when the transport interface is a sub interface ?.. I have my transport interface to be configured as sub interface and I understand that I have to reduce the MTU by 4 byte. When I do the initial configuration, I set the tunnel and set the physical interface under the tunnel but it does not allow me to commit and giving me an error saying the interface mtu has to be reduced under vpn 0, but at that stage there is no vpn 0 configuration in the command line .. Has someone come across the same ?
Thanks in advance
Harish
Solved! Go to Solution.
08-22-2019 11:37 PM
Thanks Daniel
The issue turned out to be a missing encapsulation (vlan tag) on the sub interface which is not required on the vpn 0 as per the documentation as it inherits from sub interface number, but that was not the case in the ISR
So in nutshell, if the sub interface has an mtu value 4 byte less than the physical and an encapsulation should be good.
thanks
Harish
08-02-2019 05:26 AM
Increase the MTU on parent interface and check once.
08-02-2019 06:41 AM
use 'ip mtu <mtu>' command on ISR to set the MTU.
08-22-2019 10:49 PM
When using subinterfaces, the physical interface must be configured in VPN 0. The subinterfaces can then be configured in the service VPNs. I normally set the physical interface to be MTU 1504 bytes so that the subinterfaces can use 1500 bytes.
08-22-2019 11:37 PM
Thanks Daniel
The issue turned out to be a missing encapsulation (vlan tag) on the sub interface which is not required on the vpn 0 as per the documentation as it inherits from sub interface number, but that was not the case in the ISR
So in nutshell, if the sub interface has an mtu value 4 byte less than the physical and an encapsulation should be good.
thanks
Harish
10-13-2020 01:52 AM
Hi Daniel, Is there any specific reason, to configure physical interface in VPN0 & sub interface in service VPN only?
Why cant the physical interface also be an part of service VPN? I didn't understood logic here.
11-02-2022 03:40 PM
Greetings, you place the major interface in VPN 0 since in the older code it had to go somewhere. It does not have an IP address on it in this VPN, it just lives there as a holding spot. Then you can place 1 or more sub interfaces into the desired service side VPNs. In more current code this is no longer an issue and you do not have to place the major interface in VPN 0.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide