Cisco Firewall :: Support Of Jumbo Frames On ASA 5500 Firewall Appliance?
Feb 28, 2010
Can any ASA 5500 in particular the ASA5510 firewall support jumbo frames (i.e. greater than the default standard 1500 Bytes frames)?. I plan to use the ASAs to setup a point-to-point IPSec tunnel and need an Application frame of 4Kbytes intact and not segment it.I have done little checking on the Cisco Website and see it mention of Jumbo frames on the 5580 on 10Gig interface but didn't see mention 5510. 5580s are way over-kill and expensive for what I need is to run a mission critical one IPSec point-to-point with maximum of no more than 100Kbps so 5510 is perfect for me but not sure if it can carry the jumbo frame?
On the routers and switches it's the MTU settings and they are configurable per interface and I am OK and the circuit is T1 which the Telcos said it's OK since it's physical layer so the only unkown is the firewall.
View 2 Replies
ADVERTISEMENT
Dec 20, 2012
Region : Argentina
Model : TL-WR1043ND
Hardware Version : v1
Firmware Version :
Does WR1043D support jumbo frames?
View 1 Replies
View Related
May 28, 2012
I've enabled jumbo frames in Networking -> LAN (Local Network) -> Jumbo Frames on an RV180W running the base firmware (1.0.0.30).The switch seems to pass jumbo frames just fine (like ... almost every switch these days), but the router itself silently drops jumbo frames.ss this a known bug?This makes enabling jumbo frames on clients impossible, since it will break some external connectivity. (I.E. when two endpoints are on networks with jumbo frames, they will then negotiate a high MTU over the WAN, but the router will silently drop large frames and they won't get an ICMP Fragmentation Needed, etc. because the router simply drops large frames).
View 7 Replies
View Related
Jun 11, 2012
I currently have 4 3560 switches connected in a Mesh topology. These are all set to use Jumbo Frames and so are all the Servers that are connected to these.I now need to connect a 2950 switch to 2 of the 3560's which will have only desktop computers connected to it but i do not want to configure Jumbo Frames on this and any of the desktops.
View 3 Replies
View Related
Jan 8, 2013
I have two switches: Nexus 3064 (ver 5.0(3)U1(2)) and Cisco 6509.The 6509:
1 x WS-x6708-10GE 8 port Ten Gig module version 3.5, firmware 12.2(18r)S1.
2 x sup 720's, with PFC3A.
2 x WS-x6348-rj-45
4 x WS-x6748-ge-tx
The IOS is ipservicesk9-mz 12.2(33)SXH8b.Both switches have been running fine for quite a while(not connected to each other). I then ran a fiber connection between port Nexus:1/48 and 6509:Te9/1.When I ping (of any packet size) from the Nexus to the 6509 @172.19.4.254, the 6509's CPU goes to 100%. On occasion, we will get 1 out of 20 packets back in the reply.I reduced the MTU size on the three 6509 parameters until the CPU stopped going 100%.The magic number is 4175 bytes. 4176 and higher == 100% CPU.I am willing to put the fiber link to 1500, but how does one change that for just one port on the Nexus? I tried and it refuses to set the mtu. I also tried to setup a new service-policy but that didn't seem to work either.The Nexus users are all jumbo frame users. The users on the 6509 are all 1500 byte frame users, except for one user on a 1 gig port (ws-6748-ge-tx) line card. It is this user whom would like jumbos.
View 2 Replies
View Related
Aug 11, 2011
What am I missing - can't get my new SG 200-08 Switch to handle Jumbo Frames
I have set the MTU size to 9216, saved the conf. and rebooted the box - however when I try to "ping -f -l 8000 xxx.xxx.xxx.xxx" through it (or to the switch itself) I recieve only "Request timed out"!?
I have tried MTU=9000 as well.....
F/W: 1.0.1.0
Is there anything, apart from increasing the MTU size, that needs to be done?
View 4 Replies
View Related
Dec 8, 2012
I've to enable it on 3750 and nexus 7K switches. what are the steps involved? can we enable jumbo frame per port instead of enabling globally? i.e. we will only have few ports that will be using jumbo frames, rest of the ports will be using default 1500 MTU size.
View 6 Replies
View Related
Apr 16, 2013
We have a requirement to send span traffic to a destination port for monitoring purposes on two 5000s with some 2000 fex boxes attached.
Some of the servers are making use of frames larger than 1500. we have not changed any mtu configuration on the 5000 since installation, and I can see the policy maps is still on 1500.
My first assumption would be that frames larger than 1500 will not be dropped, but it seemingly not (see below). is there a reason why the switch would forward jumbo frames? Also, is there a limitation on MTU for span traffic? There is a MTU command under the span session, but the maximum is 1518. From what I can read the frame will be truncated if it exceeds this. Does that mean the fragments will be dropped?
RX
7495685816 unicast packets 249 multicast packets 147899 broadcast packets
7495833963 input packets 1426823388087 bytes
1608134 jumbo packets 0 storm suppression bytes
[Code]....
View 1 Replies
View Related
Jul 3, 2011
How do I turn on jumbo frames on the e3200? I am using 1.0.01 firmware.
View 3 Replies
View Related
Sep 28, 2008
On a 3750 switch, is it possible to configure jumbo frames only on certain interfaces and leave the other ones as they are?
View 9 Replies
View Related
Jul 5, 2012
I believe i've enable jumbo frames on our Nexus 7010, one in each data-centre.
system jumbomtu 9216. Also on the interfaces mtu 9216. And can see MTU 9216 bytes, BW 20000000 Kbit, DLY 10 usec on the port-channel between them. Though when i ping between vlans at each site with large packets i get 30% drops and if i set the DF bit in IP header to yes - 100% loss.
8798 bytes from 10.200.12.2: icmp_seq=19 ttl=254 time=8.024 ms --- 10.200.12.2 ping statistics ---20 packets transmitted, 14 packets received, 30.00% packet loss
View 10 Replies
View Related
Oct 25, 2011
I understand that jumbo frames need to be enabled end-to-end. I have two ESX hosts connected at each site. I want to enable jumbo frames for those ports, but what if not all host on the ESX are using jumbo frames, will I have drops and connection failures? So if i have two sites, each with a 6509 connected via a trunk and need to enable jumbo frames for a vlan between the sites how do I accomplish this?If I enable jumbo frames on the trunk link how does that impact other traffic between the sites?
View 3 Replies
View Related
May 23, 2012
I have a Cisco Nexus 3064 that I am using as part of a flat network for the Lab. I have 30 Virtualization Servers(MS HyperV and VMware vSphere) connected to this switch and I want to enable jumbo frames. The Virtualization Servers are able to ping the local VM's using 8K bytes. However I am unable to ping from server to server using 8K bytes. I have configuration (in abbreviation). All the servers are in the same network which I configured as L2 ports with the "switchport" command. However, the interface "MTU" command is unavailable in L2 mode. I am only able to get the interface "MTU" command only in L3 mode with the "no switchport" command on the interface.
# int eth1/2-45
# no switchport
# mtu 9216
# no shut
I can ping the servers with less than 1500 bytes, but anything larger fails.
View 3 Replies
View Related
Mar 24, 2012
According to this Cisco URL jumbo frames should be put into play by changing default ethernet system class.
Recommended configuration:
!--- You can enable the Jumbo MTU
!--- for the whole switch by setting the MTU
!--- to its maximum size (9216 bytes) in
[Code].....
View 2 Replies
View Related
Dec 2, 2012
I have a Cisco Catalyst 3100 blade in a Dell server chassis that is trunked to a 6509.
When doing a protocol capture, I see large frames being sent from one of the servers in the chassis.
Example:
TCP:[Continuation to #1701] [Bad CheckSum]Flags=...AP..., SrcPort=HTTP(80), DstPort=2667, PayloadLen=2831, Seq=1489611217 - 1489614048, Ack=1719592331, Win=65535
I see lengths up to 6900+ bites coming from the server.
The switch has the global MTU set to 1500
system mtu routing 1500
and I can't seem to set this at the interface level. The server is configured to send 1500 length frames. Why am I seeing these jumbos? (the server is Windows 2003)
View 2 Replies
View Related
Mar 1, 2011
I have a pair of Catalyst 3560 GB switches that are trunked with two of the standard ports, and that have trunk ports connecting to a failover pair of PIX 515e's. We're considering adding a pair of cluster database nodes and an iSCSI SAN, both of which would need a dedicated interconnect VLAN that I'd like to employ Jumbo frames on. I don't necessarily need the VLANs to traverse the firewall trunks since they're private interconnects, but I need each host to traverse the switch trunks.
Since it seems I can only enable Jumbo frames on the entire switch (current standard frame size is 1500 and jumbo is also 1500), when I enable it what kind of possible negative impact could this have on my trunked ports as well as my host connections? I've read mixed reviews of users with iSCSI SAN devices seeing terrible performance when enabling jumbo frames so I'm apprehensive about enabling them on an existing network.
View 3 Replies
View Related
Apr 16, 2013
The server team has asked me to implement jumbo frames on a single VLAN, the one they use for v motion. We have two pairs of 5548s, each pair running VPC for most connections. I am aware of many postings that describe how to enable jumbo frames globally, like this:
policy-map type network-qos jumbo
class type network-qos class-default
[code].....
I am not clear how I can extend this principle to one VLAN only.
Also, I am aware of a posting [URL], that shows some pitfalls of implementing jumbo frames in a VPC configuration. Pretty well all my connections are VPC, including all the FEXes, which are all dual-homed. In many cases, the VPC extends through to the servers so that the servers run port.channels across two FEXes. I am unclear whether the pitfalls are still valid, or whether I have to wait until my next maintenance slot (6 months away) to implement jumbo frames. Can jumbo frames be implement safely on the fly? How does enabling jumbo frames fit in with "conf sync" mode?
View 2 Replies
View Related
Oct 14, 2012
We have a number of sites which have high-speed L2 links which terminate on our L3 switches at each site. The ports are between the sites are placed in routed mode.
I would like to use Jumbo frame between two of the network which will communicate across sites and 1500 mtu on the rest, is this something which is possible?
From my understanding is the mtu is set on the interface therefore if I set the mtu on the L2 link ports on both sites to 9000 then would this cause a problem for the 1500?
View 1 Replies
View Related
Sep 17, 2012
We are currently using two Nexus 5548UP's as our Datacenter Network Core. I have a pretty simple objective: I would like to enable Jumbo Frames on a single VLAN only(VLAN 65). This VLAN is used strictly for backups. I do not want to enable Jumbo Frames on the other VLANs(VLANs 1-10). Im not sure what the best way to do this is.....or if it is even possible but I am hoping to get some configuration examples.
View 7 Replies
View Related
Nov 22, 2011
I attempted to enable jumbo frames on a Nexus 5010 (NX-OS version 4.2(1)N1(1)). I created the policy map below and lost access to the switch.
policy-map type network-qos jumbo
class type network-qos class-default
mtu 9216
After recovery I see from the logs that all vlans and interface were suspended. I've attempted to look for reasons for a compatibility issue but I am unable to find what is checked and what could have been incompatible. The other troubling thing is the adjacent switch suspended its interfaces too but no change was done there. What I need to look out for so that this does not happen again?
2011 Nov 22 23:43:09 phx-ipcg1dwfcma %ETHPORT-3-IF_ERROR_VLANS_SUSPENDED: VLANs 1,10,601 on Interface port-channel1 are being suspen
ded. (Reason: QoSMgr Network QoS configuration incompatible)
2011 Nov 22 23:43:09 phx-ipcg1dwfcma %ETHPORT-5-IF_TRUNK_DOWN: Interface port-channel1, vlan 1,10,601 down
2011 Nov 22 23:43:09 phx-ipcg1dwfcma %ETHPORT-3-IF_ERROR_VLANS_SUSPENDED: VLANs 10 on Interface port-channel508 are being suspended.
[code]....
View 9 Replies
View Related
Jan 25, 2012
I purchased the license P/N: ASA-CSC20-250U-1Y with Description: ASA 5500 CSC-SSM-20 250-User License Only Renewal (1-year)
But I had a mistake because I need support to 500 users. Now, to solve my mistake I want to know Do I can purchase another ASA-CSC20-250U-1Y to provide the 500 users suppor?
I mean, ¿are two (2) ASA-CSC20-250U-1Y equivalent to the 500 user license listed below?P/N, ASA-CSC20-500U-1Y with Description: ASA 5500 CSC-SSM-20 500-User License Only Renewal (1-year)
View 1 Replies
View Related
Nov 24, 2012
I've had a read through the docs for the 3750 series switches, but nothing that definately says that jumbo frame routing will work on a SVI.One part specifically I'd like clarification on is:The default maximum transmission unit (MTU) size for frames received and sent on all interfaces on the switch or switch stack is 1500 bytes. You can change the MTU size to support switched jumbo frames on all Gigabit Ethernet and 10-Gigabit Ethernet interfaces and to support routed frames on all routed ports. It says supported routed frames on all routed ports, but this in the past has meant physical ports, and not Virtual ones.
View 2 Replies
View Related
Jan 3, 2013
I have a cisco 1841 router , and i want to configure zone based firewall on it. But the document of zone based firewall only said that "after 12.4(6)T" can support zone based firewall. I use the ios " c1841-ipbasek9-mz.124-15.T9.bin ", but it can't support ZFW. What kind of ios support ZFW. for example: ipbase, ent base, ip service ,advent etc.
View 2 Replies
View Related
Jun 13, 2012
I have an Pix 515E firewall with Pix724-33.bin IOS. I just want to know that does this IOS support SNMPV3 or I will have to upgarde it with some other version.
View 1 Replies
View Related
Mar 22, 2011
I have an @Remote appliance through Ricoh for our copiers. This appliance connects to their site to transfer meter readings and other information. This appliance can't connect to their site to transmit data. Ricoh is telling me the problem is on our firewill. I have assigned the Ricoh appliance a static IP address in our network. Our firewall is a Cisco ASA 5510. I don't have much expereince with logging on the ASA, so I'm not sure what "teardown dynamic TCP translation from inside" means. Is there something that is preventing this IP from contacting the Ricoh site? [code]
View 3 Replies
View Related
Mar 20, 2011
I m getting mention error when try to open subjected web link.
Deny TCP (no connection) from Outside:180.87.10.44/2443 (180.87.10.44/2443) to DMZ-1:a.b.c.d/1594 (w.x.y.z/17964) with follow explanations.
"The adaptive security appliance discarded a TCP packet that has no associated connection in the adaptive security appliance connection table. The adaptive security appliance looks for a SYN flag in the packet, which indicates a request to establish a new connection. If the SYN flag is not set, and there is not an existing connection, the adaptive security appliance discards the packet."
Where, a.b.c.d = our private ip address (Natted) w.x.y.z = Public Ip address.
View 1 Replies
View Related
Jan 22, 2012
I am responding to a tender where the client is asking for the firewall to support an onboard disk drive for logging purposes, which is a minimum of 500 GB in size.
The other requirements all point towards the top of the range ASA 5585-X Chas w/SSP60,IPS SSP60,12GE, 8 SFP+,2 AC,3DES/AES.
I note the 5585 when configured on DCT comes with HDD blanking plates, is there an HDD supported on this?
View 1 Replies
View Related
Sep 20, 2011
One interace is setup as the management interface on a 1 subnet (which is our main network/domain).
Second interace is setup on a 2 subnet (eventually this will be configured to receive incoming/outgoingmail)
I copied most of the settings from our old firewall for testing purposes. I can ping our old email firewall which on 2 subnet from our main subnet (1) successfully.
The only way I can get a successful ping with the Ironprot is to have the management interface hooked into our main network. We don't want this. We do have Ironport firewall and Webfilter setup similar and working fine.Is there someway I can configure this unit to allow both subnets to talk successfully to each other without having the managment interface connected all the time?
View 1 Replies
View Related
Oct 12, 2011
How to list ports open on Cisco ASA 5505 appliance? I have tried to see using Cisco ASDM launcher, but no luck.
View 1 Replies
View Related
Aug 13, 2012
i have to open ports for vedio conferencing in my Firewall configuration ,
View 1 Replies
View Related
Jun 14, 2011
I have two ASA 5510 with Security Plus license and Shared SSL VPN licensing enabled.
The problem is that the client get “Session could not be established: session limit of 25 reached” but ther is only 6 ssl vpn user connected with AnyConnect.The software on the firewall’s is 8.2(1)Is there any BUG in this software related to this problem?
View 1 Replies
View Related
Mar 5, 2012
I have an ASA 5500 Firewall. I need to figure out how to log all events using Port 25 to determine if there are any rogue devices on our network. I was trying to figure out how to do this via the Real-Time Monitoring (filter) but have had no success.
View 1 Replies
View Related
Jun 6, 2012
I have an issue with a Cisco ASA 5520. It seems to block some emails incoming from some recipients. The sender's mail server clearly reports my ASA as cause of the problem (see attached image). Unfortunately I have not the logs about that event and the time frame to close this issue is very narrow.
View 5 Replies
View Related
