MTU

 Router(config-if)# crypto ipsec fragmentation before-encryption

Router(config-if)# crypto ipsec fragmentation after-encryption

Router(config)# interface tunnel 4 

Router(config-if)# ip tcp adjust-mss 1360

Router(config-if)# ip mtu 1400

Router(config)# interface tunnel 6 

Router(config-if)# ipv6 tcp adjust-mss 1340

Router(config-if)# ipv6 mtu 1400

One method to test and detect a reduced MTU size is to use a ping with a large packet size. Here are some examples of how to do this.

C:\Users\ScottHogg> ping -l 1500 192.168.10.1

On a Windows host you can also set the Do Not Fragment (DF) bit to 1 with the “-f” ping parameter.

Content Continues Below

Ad

C:\Users\ScottHogg> ping 192.168.10.1 -l 1500 –f

On Linux the command would be:

RedHat# ping -s 1500 -M do 192.168.10.1

On a Cisco IOS device the command would be:

Content Continues Below

Router1# ping 192.168.10.1 size 1500 df-bit

On a Cisco NX-OS device the command would be: 

Switch7K# ping 192.168.10.1 packet-size 9216 c 10

On a Cisco IOS XR device the command would be:

 Content Continues Below

RP/0/RP0/CPU0:Router1#ping 192.168.10.1 size 1500 donnotfrag

On a JUNOS device the command would look like:

root@J4350-1# run ping 192.168.10.1 size 1500 do-not-fragment rapid