12-19-2007 05:02 AM - edited 03-09-2019 07:40 PM
Can anyone please tell me what is the meaning of the following command?
access-list 110 permit icmp any any packet-too-big
12-19-2007 06:30 AM
Hi
Different physical media, e.g. ethernet, serial etc., have different MTUs (maximum transmission unit). If a router receives a packet on one interface and needs to send it out on another interface that has a smaller MTU then the router splits the packet up into fragments and transmits them.
However if the DF (Do not Fragment) bit is set in the packet then the router cannot split up the packet and it sends an ICMP packet to the source saying the packet is too big for the physical media and then discards the original packet.
This is what the above is doing. It is saying allow any packet-too-big ICMP messages to be allowed in. This is quite a common thing because if you block these types of ICMP messages you can get intermittent connectivity issues.
There is also something called PMTUD (Path MTU Discovery). The overhead of fragmentation is quite high so this is an attempt to make sure that the MTU is never too big for a link. So before actual data is sent a packet is sent with the DF bit set. If it gets all the way to the destination host then the packet has not had to be fragmented. If a packet-too-big ICMP message comes back then it knows somewhere along the path the MTU is smaller than the original packet size so it then sends out another packet with a smaller MTU until it does not get a packet-too-big ICMP message back.
Hope this makes sense
Jon
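Added example, not part of the reply above and not Cisco code: a Python sketch of the ICMP type 3 code 4 message (the one the IOS keyword packet-too-big matches) and of what a DF-set sender learns when a filter permits or drops it. The function names, link MTU values and the 28-byte quoted packet are constructed for illustration; the message layout follows RFC 1191.

```python
import struct

ICMP_DEST_UNREACH = 3   # ICMP type 3: destination unreachable
ICMP_FRAG_NEEDED = 4    # code 4: fragmentation needed and DF set

def inet_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_frag_needed(next_hop_mtu: int, original: bytes) -> bytes:
    """Message a router returns when a DF packet exceeds the next link's MTU."""
    body = struct.pack("!BBHHH", ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED,
                       0, 0, next_hop_mtu) + original
    return body[:2] + struct.pack("!H", inet_checksum(body)) + body[4:]

def parse_frag_needed(msg: bytes):
    """Return the next-hop MTU from a valid type 3 code 4 message, else None."""
    if len(msg) < 8 or inet_checksum(msg) != 0:
        return None                      # truncated or corrupted
    icmp_type, code, _csum, _unused, mtu = struct.unpack("!BBHHH", msg[:8])
    if (icmp_type, code) != (ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED):
        return None
    return mtu

def discover_path_mtu(first_mtu, link_mtus, acl_permits_ptb, max_tries=8):
    """Simulate a sender using DF. Returns (path MTU or None, packets sent)."""
    quoted = b"\x45" + b"\x00" * 27      # constructed: IP header + 8 data bytes
    size = first_mtu
    for attempt in range(1, max_tries + 1):
        too_small = next((m for m in link_mtus if m < size), None)
        if too_small is None:
            return size, attempt         # packet fits every link on the path
        reply = build_frag_needed(too_small, quoted)
        if acl_permits_ptb:
            size = parse_frag_needed(reply)   # sender shrinks and retries
        # otherwise the filter drops the reply and the sender resends the same size
    return None, max_tries               # black hole: every DF packet was discarded

if __name__ == "__main__":
    print(discover_path_mtu(1500, [1500, 1400, 1300], acl_permits_ptb=True))
    print(discover_path_mtu(1500, [1500, 1400, 1300], acl_permits_ptb=False))
```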
12-26-2007 11:30 PM
Thnx