2600s, VLANs, and MTU size

Rod Schnell · ‎10-24-2012

Good day all,

The setup:

Using this setup I can pass VLAN 1 and 5 traffic. VLAN 1 can ping each of the switches with the command "pin 10.1.30.44 -t -l 1500" or similar. If I try the ping on the VLAN 5 side of things the max size I can get through is 1468. Go above and it dies.

Each of the routers has the following configuration in them. (Changes made for hostname, ip add, etc at each end.) I've tried various versions of IOS 12.1, 12.2, and 12.3 but I cannot figure out how to get them to pass a full VLAN tagged frame.

If I change the switch 1 ports to be untagged VLAN5 and tagged VLAN1 the problem moves to VLAN1 so I'm pretty sure the problem is one of MTU size and the additional bytes needed for VLAN tagging.

Router1#sh run

Building configuration...

Current configuration : 855 bytes

!

version 12.1

service timestamps debug uptime

service timestamps log uptime

no service password-encryption

!

hostname Router1

!

ip subnet-zero

no ip routing

no ip finger

!

bridge irb

!

interface FastEthernet0/0

no ip address

no ip route-cache

no ip mroute-cache

speed 100

full-duplex

no cdp enable

bridge-group 1

!

interface Serial0/0

no ip address

encapsulation ppp

no ip route-cache

no ip mroute-cache

service-module t1 clock source internal

service-module t1 timeslots 1-24

no cdp enable

bridge-group 1

!

interface BVI1

ip address 10.7.200.3 255.255.255.0

no ip route-cache

no ip mroute-cache

!

ip classless

no ip http server

!

no cdp run

route-map rtr permit 10

!

bridge 1 protocol ieee

bridge 1 route ip

!

line con 0

password xxxxx

transport input none

line aux 0

line vty 0 4

password xxxxx

login

!

end

shillings · ‎10-25-2012

You're Pinging from a Windows machine, so 1472 Bytes equates to a full-size 1500 Byte packet. Therefore, 1468 Bytes suggests the 4-Byte VLAN tag is the culprit, as you suggest.

Sounds like your routers and/or switches won't accept baby giant frames - i.e. frames between 1518 and 1600 Bytes. Therefore, any full-size 1518 Byte frame with a VLAN tag added will just be fragmented, unless the DF bit is set.

You can try to either increase the L2 frame MTU to 1522 Bytes or reduce the L3 IP packet MTU to 1496 Bytes. The former increases the frame size in order to accept the VLAN tag. The later slightly decreases frame payload size in order to leave space for a larger frame header and thereby meet the existing max frame MTU of 1518 Bytes.

Increasing max frame MTU is more preferable, because is doesn't impact the standard Ethernet max IP MTU of 1500 Bytes.

Rod Schnell · ‎10-25-2012

I understand all of that and it makes sense. The question is how? I know I can use mtu=xxxx (1522) on the BVI and on the S0/0 but that doesn't seem to have any effect. Am I missing something somewhere in the configs or are the 2600's not capable?

shillings · ‎10-25-2012

Sorry, was mixing up Cisco with Junpier. Cisco default frame MTU is 1500 Bytes. This only reflects the data payload element, not the headers and CRC. Therefore, I presume amending this MTU value won't make any difference to your VLAN tag, becuase this setting only relates to the payload size.

Also, doing some digging, it appears IEEE 802.3ac increased the default Ethernet frame size to 1522 Bytes in order to accomodate a 4-Byte VLAN tag as standard. The latest 12.3(3i) IOS for a 2610 supports VLAN trunking, so I presume they are OK. What about your HPs - are they very old switches?

Also, I know you're bridging, but surely you need an Ethernet subinterface with encapusaltion command to terminate VLAN5? Must admit I've never setup something quite like this, reference the bridging of Ethernet and E1. As you'd be routing across the serial link between the BVI interfaces, then I don't think the serial MTU is relavant anyway, beacuse the VLAN ID will be stripped off - i.e. it's a routed link.

Rod Schnell · ‎10-26-2012

HP Switches are HP 2610-24 J085A, so whilst brand new outta the box I'm gonna say "fairly new".

I have an IOS 12.3 (??) and it does give me the ability to create sub-interfaces and such. Can't bridge those beacuse then VLAN1 sees VLAN5 and the other way around. I'm not opposed to doing routing and such I just am not very knowledgable nor proficent at it yet.

I know the switches work and are set up correctly because if I remove the routers and use a cable the problems go away and everything works (at least the way I think it should and the way I want it to).

The main reason for the routers is to convert Ethernet to T1 on one side and then back on the other whilst carrying tagged VLAN traffic. So far I've not been able to make this work except with packet lengths less than or equal to 1468. ie Windows XP command: ping xxx.xxx.xxx.xxx -t -l 1468 on VLAN 5 (with switch ports 1 Tagged on 5 and untagged on 1) gives the reply from response and if we increase it to -l 1500 it gives a request timed out response. If I swap the tagging on the switch ports the problem moves with the TAGGED vlan.

shillings · ‎10-26-2012

You could try encapsulation hdlc on the serial of each router, but otherwise, I really haven't done enough bridging to understand what the issue is.

This might help if no one has any ideas:

http://www.cisco.com/en/US/docs/ios/12_1t/12_1t3/feature/guide/dtbridge.html