Layer2 WAN connection

Unanswered Question
Nov 17th, 2009

Dear all,

I have a Catalyst 2960 switch and a 3560 PoE switch connected together through a 1M leased line via trunk ports.

I cannot ping from any side to the other with a packet of size 1500 or more. Also, the RDP connection is very slow and usually times out.

The trunk port of the 2960 is 10/100 and that of the 3560 is Gig.

Any advice?

c.captari Thu, 11/19/2009 - 21:26

Hi. I had the same issue in one of the companies I worked for. It turned out that the provider was using an MPLS cloud and they failed to increase the MTU to 1512 (to support 3 labels on top of the packet) in some of their hops.

Have a read below. In essence:

When a packet becomes labeled, the size increases slightly. If the IP packet was already at the maximum size possible for a certain data link (full MTU), it becomes too big to be sent on that data link because of the added labels. Therefore, the frame at Layer 2 becomes a giant frame. Because the frame is only slightly bigger than the maximum allowed, it is called a baby giant frame.

For diagnostics, use MTUROUTE (debug the MTU values between you and a host).

In essence, it is very hard to make the service provider understand that they have forgotten to increase their MTU size on some of their MPLS links. That mturoute might help. If you use it to trace over their infrastructure, it will give you some statistics as to what is the highest MTU in the path.

As an alternate method, force your client machine (not the RDP server) to a lower MTU value. By default Windows will send 1500-byte packets, and if that becomes fragmented (due to the MPLS cloud), apparently RDP as an application doesn't like it. For me it turned out that lowering it on the client machine forced the OS to send RDP packets with a lower MTU value, and it worked.

To easily modify the MTU value on Windows, search for the DRTCP application. If you set it to 1200, for example, RDP should work, as adding the labels in the MPLS cloud would probably not go above the service provider's MTU. Of course this is not neat, but it's just to prove the point that the problem is the MTU.
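
The measurement described in the reply above, as an added example that is not part of the original post and not MTUROUTE's code: a binary search for the largest IP packet that crosses a path without fragmentation. The function names, the simulated hop values and the use of Linux iputils `ping` flags (`-M do` sets the DF bit) are assumptions made for illustration.

```python
import subprocess

ICMP_IP_OVERHEAD = 28  # 20-byte IPv4 header + 8-byte ICMP echo header
MPLS_LABEL_BYTES = 4   # size of one MPLS label stack entry


def ping_df(host, payload):
    """Send one echo with DF set (Linux iputils ping); True if a reply arrived."""
    cmd = ["ping", "-c", "1", "-W", "2", "-M", "do", "-s", str(payload), host]
    done = subprocess.run(cmd, stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
    return done.returncode == 0


def probe_host(host):
    """Real probe: takes an IP packet size and pings with the matching payload."""
    return lambda ip_size: ping_df(host, ip_size - ICMP_IP_OVERHEAD)


def simulated_path(hop_mtus, labels_per_hop):
    """Constructed model: each hop has a link MTU and pushes N labels on the packet."""
    limit = min(mtu - n * MPLS_LABEL_BYTES
                for mtu, n in zip(hop_mtus, labels_per_hop))
    return lambda ip_size: ip_size <= limit


def find_path_mtu(probe, low=576, high=1500):
    """Largest IP packet size in [low, high] that probe() passes, or None."""
    if not probe(low):
        return None  # even the smallest size fails: not an MTU problem
    while low < high:
        mid = (low + high + 1) // 2
        if probe(mid):
            low = mid        # mid fits, search above it
        else:
            high = mid - 1   # mid is dropped, search below it
    return low


if __name__ == "__main__":
    # Constructed path: the middle hop was left at 1500 instead of 1512,
    # so three labels leave room for only a 1488-byte IP packet.
    path = simulated_path([1512, 1500, 1512], [3, 3, 3])
    print("largest unfragmented IP packet:", find_path_mtu(path))
    # Against a live host (hypothetical address): find_path_mtu(probe_host("192.0.2.10"))
```

A result below 1500 on a path that should carry full-size packets is the figure to hand to the provider, and it also gives the value to set on the client as the workaround.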

m.metwally Fri, 11/20/2009 - 04:26

Dear friend,

I'd like to thank you first for your response, and I want to tell you that I have tried to connect my PCs directly to the modems on both sides (taking both switches away), and I was able to ping until 15,000 as packet size, which means the ISP settings are correct (as I think, and please correct me if I'm wrong).

Paolo Bevilacqua Fri, 11/20/2009 - 04:53

Best would be to use a router, not a switch, and possibly connect directly to the circuit, not using the bridges.

That way you could monitor circuit usage and set QoS.

Mohamed Sobair Sat, 11/21/2009 - 00:12


With 1500 as packet size, the packet has to be fragmented, and the fragmentation can cause delays.

The default timeout on a Cisco router/switch is 2 seconds, which means if the delay is larger than those 2 seconds, you will see .. instead of !!.

This doesn't necessarily mean the packet is not transmitted at all, it just means there is no reply within those 2 seconds.

Try to decrease the MTU, or the second option is to increase the timeout on the router and check the result.



