Cisco :: Behavior Of Routers When Overhead Is Added On Packet?

Jun 5, 2012

I am researching the behavior of routers when the MTU is increased beyond the MTU set in the routers. Also, when I use jumbo frames instead of the normal MTU, how does it affect the network? So, what I plan to do is:

LAN_A --> blackbox --> WAN --------> WAN --> blackbox --> LAN_B

All the traffic coming from LAN_A will be of size 1500 Bytes or less. The blackbox in the center will add an overhead of 4 bytes, recalculate the CRC and transmit the packet on the WAN side. I wanted to know that:

1- If my LAN router and WAN router are both set at 1500 MTU, will the WAN router drop the packet if it receives a packet greater than 1500B?

2- If I keep my LAN side at 1500 MTU and switch my WAN router to jumbo frames, how will this configuration affect the complete network? Will it work or not?

3- I want to add the overhead on every packet coming in from the LAN side, so what options do I have to achieve this goal?

PS. All types of traffic can come from LAN side.


Cisco WAN :: 3845 - IPSec Encryption Overhead

May 5, 2010

How to reconcile what I've observed on our routers on a tunnel interface. The maximum amount of data I can get across the tunnel is 1339 bytes, which seems just a little bit too small. Background: we have two 3845 routers with IOS 12.4(3a) advanced ip services. I have tunnel interfaces on both routers, interface configs are below.
 
crypto ipsec transform-set MY_TSET esp-3des esp-sha-hmac comp-lzs
crypto ipsec profile MY_VTI
 set transform-set MY_TSET
[ Code]..
 
When I test the MTU of the source/destination interfaces I get 1500 bytes, as you would expect from an Ethernet connection to a service provider's MPLS network. See output below:
 
Router1#ping ip 10.252.0.18 df-bit size 1500
[Code]...
 
When I test the mtu of the tunnels I get 1339 bytes, see the output below.
 
router1#ping ip 10.1.40.133 df-bit size 1340
Type escape sequence to abort.
Sending 5, 1340-byte ICMP Echos to 10.1.40.133, timeout is 2 seconds:
Packet sent with the DF bit set
M.M.M
Success rate is 0 percent (0/5)
[Code]...
 
That comes to a total of 1420, which is 80 bytes short of the mtu of the source/destination interface of the tunnel.


Ethernet Frame Overhead Due To Encryption

Jun 24, 2012

Ethernet frame overhead due to encryption protocols used, and how can it be resolved?


Cisco Firewall :: 5520 - Different DMZ Behavior After Upgrade To ASA 8.4(4)

May 23, 2012

I upgraded a pair of ASA 5520s from ASA 8.3 to ASA 8.4(4) this week and now my DMZ hosts cannot reliably communicate with each other. I have a DMZ network of 10.20.20.16/28 configured. 10.20.20.17 is the ASA/Gateway and 10.20.20.19 is one host and 10.20.20.20 is another host. These two hosts had no problem communicating with each other before the upgrade. Now, they usually cannot communicate with each other. Occasionally they can communicate, but only for a few minutes. What is strange is I never had any access lists for these hosts to talk with each other before the upgrade (because their traffic to each other should have never reached the firewall) but now I needed to create an access list on the DMZ interface allowing these two hosts to talk. ICMP works fine, but only if the ACL is in place. TCP rarely works.


ARP Behavior In Case Of Duplicate IP Addresses In Same LAN

Aug 24, 2012

In case I configure duplicate IP addresses to the same VLAN (two interfaces in VLAN 1100 have IP address 192.168.2.2) I see the following ARP messages rapidly (those six messages were received in less than 2ms time-frame)


Cisco Firewall :: ASA 5505 - Rules And PAT Weird Behavior

Jun 21, 2012

In the last 8 months I have upgraded at least 6 Cisco ASA 5505s from 8.2(1) to 8.4(3) without problems; I made minor changes, all related to rules, due to a problem with the migration.


Cisco WAN :: Unexpected Routing Behavior On 7609 Router

Dec 14, 2011

We have a lab network set up with a 7609 router as the central core. Scenario: Laptop with a SIP client. In the lab is a session border controller that will route signaling and media to a SIP gateway with a call agent (172.23.112.201) and a media "handler" (172.23.113.6). The call processing device will forward packets to an RF network (108.x.x.x) where an NCS cable modem sits. Call signaling works perfectly fine. However, RTP traffic from the laptop to the NCS phone is getting routed incorrectly. RTP traffic from the phone to the laptop works fine. [code]

Packet captures show the laptop to phone RTP packets are being routed back towards the corporate router.  These time out with ICMP TTL exceeded packets.  There are static routes for 172.23.113.0/27 to the optical interfaces that go to the SIP gateway.  Interestingly, I can ping an IP on the SIP gateway (not used for media, but is pingable) in that static range (172.23.113.1) just fine from the 7609 (i.e. it's not getting routed to the corporate router).  Unfortunately, the IP for the media endpoint on the SIP gateway is not pingable.  Config for the 7609 is attached.


Cisco Switching/Routing :: C3560 / Unexpected Behavior With SSH?

Feb 5, 2012

I have a weird situation with some switches.
 
Switch .55 can ssh into Switch .57 but cannot ssh into Switch .56.
Switch 56 can ssh into Switch 55 and ssh into Switch 57
Switch 57 can ssh into Switch 55 and ssh into Switch 56
 
The software on .56 is:
 
C3560 Software (C3560-IPBASEK9-M), Version 12.2(55)SE3, RELEASE SOFTWARE (fc1)
 
I noticed on .56, when I do a show ip ssh I get: SSH Enabled - version 1.5. It doesn't say version 1.99 like the others even when I configure version 2. Is this a bug I am running into?


Cisco VPN :: ASA 5520 - Different Behavior For Web Deployment Of AnyConnect Essentials

Apr 16, 2012

We have instructed our user community to start their VPN sessions by connecting to our ASA 5520 with a browser to download (if necessary) and initiate the Anyconnect essentials VPN client.  Everything was working fine until a few days ago.
 
We have had several people report the same problem.  They connect with the browser, enter their login information and are greeted with our "authorized use only" message by the ASA.  Then, instead of downloading (if necessary) and starting the VPN client software, the web page just goes back to the login prompt without displaying any error message.  The client software is never downloaded or started.
 
We've been able to work around this by installing the client software manually (where necessary) and starting the VPN client from the start menu.  However, this isn't our preferred solution because this method won't have them automatically picking up updated versions of the VPN client. 
 
We have seen this behavior before when there was a pending Java update that had not been applied. However, that doesn't seem to be the case this time. Clients have recently updated to IE9, but I have personally been running the Anyconnect client and launching through IE9 for months.


Cisco Firewall :: ASA 8.2 Security-level Default Behavior

Nov 16, 2012

I'm trying to implement some best practices for ASA running on Software Release 8.2 and had a question about the default security-level behavior. Let's say I have 3 interfaces...

-inside (security-level 100)
-dmz (security-level 50)
-outside (security-level 0)
 
I have an ACL on the inside interface allowing http access to anywhere. Because of the ACL, the implicit higher to lower security level access is nullified. Correct?
 
I do NOT have any ACL on the dmz interface applied. So, would the servers in the dmz be allowed outbound access to the Internet due to the default higher to lower security level behavior?


Can't Ping Between Routers (Packet Tracer)

Mar 6, 2011

I'm trying to set up a network comprised of three LANs connected by serial. As this is a small part of an assignment I've been instructed to subnet into /26 and to use /30 subnets for my serial connections. At the moment I can ping between devices on each of the LANs but I can't ping between routers at all. Embarrassingly I'm not sure why, I think it may be something I've missed on setting up the serial links as I have set routers up fine before using other connection types.


Cisco Switching/Routing :: 2960-S Possible Switch Behavior When QoS Is Not Enabled

Jan 30, 2012

Document at url... is quite interesting. One of these goes about the behavior of a switch (2960-S and 3750G) when QoS is not enabled vs the one when QoS is simply enabled with "mls qos". What additional commands, beside "mls qos", would be needed so as to simulate as accurately as possible the switch's behavior when QoS is not enabled?


Cisco Routers :: RV220W Packet Loss Over Wireless?

Sep 16, 2011

I am having issues where different laptops are dropping packets when communicating to the WAP on the RV220W. I have placed 3 laptops directly next to the router so there is no chance for walls to interfere. From each machine 1 at a time I perform a continuous ping. Here is a quick output from one of them:
 
Reply from 192.168.0.1: bytes=32 time=3ms TTL=64
Reply from 192.168.0.1: bytes=32 time=1ms TTL=64
Reply from 192.168.0.1: bytes=32 time=3ms TTL=64

[Code].....


Cisco Routers :: VPN Tunnel Between 2 RV042 / SSH Drop Packet

Dec 14, 2011

here's my setup :
 
office 1 :
rv042 hw3
ISP:Obtain an IP automatically
 
office 2 :
rv042 hw3
ISP:PPPoE
 
VPN tunnel between both rv042, everything's fine but when I try to ssh from office 2 to an office 1's server, my connection drops.

When it drops, I can still ping PC in office 1, this is really strange! If I change the office 2 ISP to another provider (obtain an IP automatically) everything's OK!

I tried to use another PPPoE ISP for office 2 and it's doing the same thing! I've also tried other rv042 in both locations with the same setup and it's doing the same thing, so it's not a router issue.

I've tried older firmware and it's doing the same thing, so it's not a firmware issue!


Cisco Switching/Routing :: 239 Multiple Static RPs And Access-list Behavior

Aug 14, 2012

I configure multiple static RPs and one of the ACLs denies a source will it move on to the next entry that covers it in another ACL? [code] i.e. 1.1.1.1 will be used as the RP for 224 to 238 and 2.2.2.2 will be used as the RP for 239. Will that work correctly, i.e. if a source is trying to register with the router and its for the group 239.1.1.1, will it be denied against the first RP and then permitted against the second RP?


Cisco Routers :: RV082 And Packet Loss On PBX With Firewall Enabled?

Aug 28, 2012

Recently encountered an issue with our elastix pbx and packet loss. Noticed this morning that when I turn on the firewall on our RV082, packet loss begins around the level 3 servers I see in my traceroute, and then slowly spreads out to all hops. When I turn the firewall back off, all hops have no packet loss or less than 1%. The weird part is, previously, I had the firewall enabled, and never had this issue.


Cisco Routers :: RV220W - Packet Loss (wired And Wireless)

Nov 8, 2011

I have a RV220W with the latest firmware (1.0.2.4) and I lose about one in every 20-40 packets.
 
I have tried with both wireless/wired, on different ports, laptops, and Ethernet cables.
 
My configuration is fairly simple:
 
1.) I reconfigured the default subnet

2.) I setup a WAP on the same vlan (VLAN1)

3.) I setup a WAP on Vlan2 for guests
 
Other than that, settings are out of box (save a hostname/etc).
 
Just purchased it, and am thinking I'll have to phone Cisco for RMA.... There is a similar thread where people noticed this on wireless (not sure if they tried wired as I have): RV220W Packet Loss over wireless


Cisco Routers :: WRP400 - Audio Drops For 5 To 15 Seconds On Each Packet Error?

Oct 29, 2012

On several calls I noticed that the outgoing audio stops for 5..15 seconds randomly. I'd say it happens on an average of every 5 minutes.

When this happens, I can see that the value after "Call1 Packet error:" increases by one. Why may just a wrong packet stop the outgoing audio for so long? I've many more lost packets (about 3%) but they give me no problem at all.

Since a little and cheaper Handytone HT502 gave me intermittent audio too, but the effect was much better (audio still stops, but in a second it comes back), I wonder if there is something I can do by tweaking the WRP400 settings. I'm still using firmware 1.01.00.


Cisco Switching/Routing :: 3560 Default QOS Trust Behavior On Access Point Changed

Oct 27, 2011

I've just been testing QOS on 3560 with version 15.0(1) and it seems the default qos trust behavior on access ports has changed. By default the trust state of a port is not to trust anything, however rather than rewriting the DSCP value of the incoming packets and setting it to 0 the switch now seems to leave the DSCP value unchanged.
 
SW04-C3560(config)# do sh mls qos int g0/2
GigabitEthernet0/2
trust state: not trusted
trust mode: not trusted
trust enabled flag: ena
[Code]......


Cisco :: LMS 4.0 No Devices Are Getting Added To DCR

Nov 13, 2011

I am newly installing LMS 4.0 at my site; I have nearly 1000 devices in the network. When I tried the autodiscovery mode using the ping sweep method, the devices are getting discovered but showing as unreachable. All the devices are going under unreachable; no devices are getting added to the DCR. SNMP settings are configured correctly.

Will the autodiscovery add the devices to DCR, or do I need to add the devices manually? As per my requirement I need to configure the things below; is it possible to configure the same?

1) LMS as SYSLOG server
2) LMS should send EMAIL notification if a device goes down, interfaces go down, memory/CPU goes high, or a switch module goes down
3) Need to know if Cisco releases new device packages how we will update to the CiscoWorks.


Cisco AAA/Identity/Nac :: ACS V.5 Cannot Be Added As Secondary Via WAN

Aug 26, 2012

I have planned a deployment with one ACS in Europe working as primary, one ACS in Europe as secondary and one ACS in USA as secondary also.

I can add one ACS in Europe to the deployment as secondary. When I try to add the ACS in USA to the deployment - Nothing really works.

The status shown in the primary is offline (red) and status pending. It stays like this for hours. When I log in to the GUI directly on the ACS in USA, it still has status primary.

The two ACS are transparently connected. There is WAN optimization (Cisco WAAS) in between the two datacentres.


Cisco :: LMS 4.0.1 Devices Not Added To DCR After Discovery?

May 30, 2011

We have just installed LMS 4.0.1 and started to discover parts of the network. After the discovery process finished successfully - 100+ new devices were added to DCR message - I was able to see the devices by clicking on their number but when I go to Inventory-Add/Import/Manage Devices I cannot see any device in the Group that I created. If I restart the CiscoWorks Daemon Manager process the newly discovered devices are added to the custom Group. This seems like a bug as I had a LMS 4.0 evaluation installation a few months ago and device discovery was working fine meaning the devices were added immediately to the Inventory.


Cisco :: Added New Server To PIX But Ports Not Open

Aug 22, 2012

I am pretty new to Cisco - and I have a little 506E that I love. I got it working with my first scenario where I have one server that is my web, and e-mail server. I also opened the RDP port so I can remote into it. The IP's for the old server are internal 192.168.1.23 name ferbweb-external 71.12.111.219 name ferbwebpub. Now - I need to add another server in the exact same way with the same ports 80, 25, and 3389 open to the outside - IP's internal 192.168.1.31 name ferbmail and external 71.12.111.220 name ferbmailpub. I can get to all of these ports on the new server on the inside network - so that is not the problem. So, I went into the config, copied the statements for the old server, and changed them for the new server and added them to the config. I can still get to the old server from the outside fine, but cannot get to any ports on the new server from the outside at all. I have done a lot of research, and cannot find what I am doing wrong.


Cisco :: How Many 5508wlc Be Added To Mobility Group

Jun 23, 2011

How many WLCs 5508 can you add to the mobility group?


Cisco Switching/Routing :: 861 - Vlan Can't Be Added More Than Two

Dec 22, 2011

I have the Cisco Router 861 with the IOS c860-universalk9-mz.150-1.M7.bin. I have created a Vlan, but when I create a second vlan, I have this message: "Vlan can not be added. Maximum number of 2 vlan(s) in the database."
 
I need to add more than two vlan.


Cisco Firewall :: Invisible NAT Rules (twice) Added In 8.3 For VPN?

May 31, 2011

Note: If you configure VPN, the client dynamically adds invisible NAT rules to the end of this section. Be sure that you do not configure a twice NAT rule in this section that might match your VPN traffic, instead of matching the invisible rule. If VPN does not work due to NAT failure, consider adding twice NAT rules to section 3 instead.


Cisco :: LMS 4 Devices Added But Not Shown In Inventory

Jul 1, 2011

By rerunning discovery with new seeds etc I have more devices discovered. However they are not shown in the inventory, only in the Device Discovery Summary.


Protect Database When New Switch Added In STP

Mar 25, 2013

When we add a new switch to an STP converged environment, the switch flushes the data from the database. How to protect the database from deleting the information?


Added Wireless Printer - Pc Won't Connect To Net

Feb 27, 2011

I recently installed a wireless printer and all seemed to work well until the next day. I am able to get on the Internet with my iPad but not my PC. I've tried winsock fix, ipconfig, netsh commands and other stuff but I can't connect to the Internet. When I tried to run ipconfig/all here's what I got:

An internal error occurred:The request is not supported.


Added Network Printer But No Scanner Installed?

Feb 8, 2011

I added the network printer cum scanner - cm1312, going to control panel >> add printer >> etc. etc. Now I can print. But there is no scanner installed. What I can do?


Added RAM To HP Pavilion A6000n PC Now Wireless Not Working

Jan 2, 2013

I added RAM to my HP Pavilion a6000n PC, and the only downside is that it no longer identifies the Netgear WNR1000v2-VC router as wireless. I run Windows 7 - have Comcast Internet and have an Arris TM722 modem. The modem and router were supplied by Comcast. I reloaded the cd that came with the router, everything appears to be on the hard drive, but the wireless is still not "enabled". The computer shows the connection as a local area connection, even though the modem and router are connected to each other and the pc.


Can Parental Controls Be Added To Wireless Signals

Dec 27, 2011

I have a friend who asked me how he could stop his children accessing porn etc on their ipods etc that they pick up from a wireless router. Is it possible to route a wireless signal through a computer that has parental controls?


Cisco :: LMS 4.0 Manually Added Core 3750 Switch Into System

Jun 25, 2011

I am doing an evaluation of LMS 4.0.  I have loaded the system on Windows and manually added my core 3750 switch into the system.  Device availability is showing the device as available.  However, the other pollers like link utilization, error count, etc. all show that there is no data.  When I go into the poller config, the pollers for link utilization and errors show 0 devices associated and a status of "instance not found".  The CPU and availability pollers show active with my one device added.  I have verified the credentials and if I go into Inventory -> Port and module and select my 3750 I do get a list of all the interfaces and the descriptions so LMS is connecting to the switch and pulling data. 
 
So how do I get the pollers for link utilization and errors to start populating data?
 
Second question, during install I did configure the software update section and it said there was an LMS 4.0.1 available which I told it to download. Now I have a psu_download directory and some more directories like cm, cmf, etc. but I don't see any file on what to do with them. What do I need to do to install the new package files that were downloaded to psu_download?








Copyrights 2005-15 www.BigResource.com, All rights reserved