10-24-2012 02:37 PM - edited 03-07-2019 09:40 AM
Good day all,
The setup:
Using this setup I can pass VLAN 1 and 5 traffic. VLAN 1 can ping each of the switches with the command "ping 10.1.30.44 -t -l 1500" or similar. If I try the ping on the VLAN 5 side of things the max size I can get through is 1468. Go above and it dies.
Each of the routers has the following configuration in them. (Changes made for hostname, ip add, etc at each end.) I've tried various versions of IOS 12.1, 12.2, and 12.3 but I cannot figure out how to get them to pass a full VLAN tagged frame.
If I change the switch 1 ports to be untagged VLAN5 and tagged VLAN1 the problem moves to VLAN1 so I'm pretty sure the problem is one of MTU size and the additional bytes needed for VLAN tagging.
Router1#sh run
Building configuration...
Current configuration : 855 bytes
!
version 12.1
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Router1
!
!
!
!
!
!
ip subnet-zero
no ip routing
no ip finger
!
bridge irb
!
!
!
interface FastEthernet0/0
 no ip address
 no ip route-cache
 no ip mroute-cache
 speed 100
 full-duplex
 no cdp enable
 bridge-group 1
!
interface Serial0/0
 no ip address
 encapsulation ppp
 no ip route-cache
 no ip mroute-cache
 service-module t1 clock source internal
 service-module t1 timeslots 1-24
 no cdp enable
 bridge-group 1
!
interface BVI1
 ip address 10.7.200.3 255.255.255.0
 no ip route-cache
 no ip mroute-cache
!
ip classless
no ip http server
!
no cdp run
route-map rtr permit 10
!
bridge 1 protocol ieee
bridge 1 route ip
!
line con 0
 password xxxxx
 transport input none
line aux 0
line vty 0 4
 password xxxxx
 login
!
end
10-25-2012 02:24 AM
You're Pinging from a Windows machine, so 1472 Bytes equates to a full-size 1500 Byte packet. Therefore, 1468 Bytes suggests the 4-Byte VLAN tag is the culprit, as you suggest.
Sounds like your routers and/or switches won't accept baby giant frames - i.e. frames between 1518 and 1600 Bytes. Therefore, any full-size 1518 Byte frame with a VLAN tag added will just be fragmented, unless the DF bit is set.
You can try to either increase the L2 frame MTU to 1522 Bytes or reduce the L3 IP packet MTU to 1496 Bytes. The former increases the frame size in order to accept the VLAN tag. The latter slightly decreases frame payload size in order to leave space for a larger frame header and thereby meet the existing max frame MTU of 1518 Bytes.
Increasing max frame MTU is more preferable, because it doesn't impact the standard Ethernet max IP MTU of 1500 Bytes.
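Added example (not part of the original thread or written by any poster): a Python model of the frame-size arithmetic in the reply above, showing why "-l 1500" can pass untagged while anything over 1468 fails once a VLAN tag is added. It assumes a 1500-byte host MTU, no IP options, DF not set, and a device on the path that drops every frame larger than `max_frame` bytes; all function names are illustrative.

```python
# Added example: models the thread's hypothesis, not a confirmed diagnosis.
ETH_HEADER = 14   # destination MAC + source MAC + EtherType
ETH_FCS = 4       # frame check sequence
DOT1Q_TAG = 4     # one 802.1Q VLAN tag
IPV4_HEADER = 20  # assumes no IP options
ICMP_HEADER = 8   # ICMP echo header


def ip_fragments(ping_payload, host_mtu=1500):
    """IPv4 packet sizes the host sends for 'ping -l <ping_payload>' (DF not set)."""
    data = ICMP_HEADER + ping_payload
    room = host_mtu - IPV4_HEADER
    per_fragment = room // 8 * 8  # non-final fragments carry a multiple of 8 bytes
    sizes = []
    while data > room:
        sizes.append(IPV4_HEADER + per_fragment)
        data -= per_fragment
    sizes.append(IPV4_HEADER + data)
    return sizes


def frame_sizes(ping_payload, tags=0, host_mtu=1500):
    """Ethernet frame sizes (header through FCS) for each fragment."""
    overhead = ETH_HEADER + tags * DOT1Q_TAG + ETH_FCS
    return [overhead + size for size in ip_fragments(ping_payload, host_mtu)]


def ping_passes(ping_payload, tags=0, max_frame=1518, host_mtu=1500):
    """True if every fragment fits within the largest frame the path accepts."""
    return all(s <= max_frame for s in frame_sizes(ping_payload, tags, host_mtu))


def first_failing_payload(tags=0, max_frame=1518, limit=3000):
    """Smallest 'ping -l' size that is dropped, or None if all sizes up to limit pass."""
    for payload in range(limit + 1):
        if not ping_passes(payload, tags, max_frame):
            return payload
    return None


if __name__ == "__main__":
    for tags, label in ((0, "untagged"), (1, "tagged")):
        print(label, "first failing -l:", first_failing_payload(tags))
        print(label, "-l 1500 frames:", frame_sizes(1500, tags))
```

With one tag and a 1518-byte limit the first failing size is 1469, which matches the 1468 maximum reported in the thread; raising `max_frame` to 1522 removes the failure in this model.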
10-25-2012 06:05 AM
I understand all of that and it makes sense. The question is how? I know I can use mtu=xxxx (1522) on the BVI and on the S0/0 but that doesn't seem to have any effect. Am I missing something somewhere in the configs or are the 2600's not capable?
10-25-2012 01:15 PM
Sorry, was mixing up Cisco with Juniper. Cisco default frame MTU is 1500 Bytes. This only reflects the data payload element, not the headers and CRC. Therefore, I presume amending this MTU value won't make any difference to your VLAN tag, because this setting only relates to the payload size.
Also, doing some digging, it appears IEEE 802.3ac increased the default Ethernet frame size to 1522 Bytes in order to accommodate a 4-Byte VLAN tag as standard. The latest 12.3(3i) IOS for a 2610 supports VLAN trunking, so I presume they are OK. What about your HPs - are they very old switches?
Also, I know you're bridging, but surely you need an Ethernet subinterface with encapsulation command to terminate VLAN5? Must admit I've never set up something quite like this, reference the bridging of Ethernet and E1. As you'd be routing across the serial link between the BVI interfaces, then I don't think the serial MTU is relevant anyway, because the VLAN ID will be stripped off - i.e. it's a routed link.
10-26-2012 02:14 PM
HP Switches are HP 2610-24 J085A, so whilst brand new outta the box I'm gonna say "fairly new".
I have an IOS 12.3 (??) and it does give me the ability to create sub-interfaces and such. Can't bridge those because then VLAN1 sees VLAN5 and the other way around. I'm not opposed to doing routing and such I just am not very knowledgeable nor proficient at it yet.
I know the switches work and are set up correctly because if I remove the routers and use a cable the problems go away and everything works (at least the way I think it should and the way I want it to).
The main reason for the routers is to convert Ethernet to T1 on one side and then back on the other whilst carrying tagged VLAN traffic. So far I've not been able to make this work except with packet lengths less than or equal to 1468. ie Windows XP command: ping xxx.xxx.xxx.xxx -t -l 1468 on VLAN 5 (with switch ports 1 Tagged on 5 and untagged on 1) gives the reply from response and if we increase it to -l 1500 it gives a request timed out response. If I swap the tagging on the switch ports the problem moves with the TAGGED vlan.
10-26-2012 03:13 PM
You could try encapsulation hdlc on the serial of each router, but otherwise, I really haven't done enough bridging to understand what the issue is.
This might help if no one has any ideas:
http://www.cisco.com/en/US/docs/ios/12_1t/12_1t3/feature/guide/dtbridge.html