MTU problems with lightweight AP at the end of a GRE/IPSEC tunnel
I have a 4404 controller integrated into a 3750G chassis. It is running the 220.127.116.11 firmware. It is configured in L3 mode. It is installed at the headquarters location.
I have access points at a remote location that is connected back to the main site via an IPSEC secured GRE tunnel.
The remote-site APs will register with the controller without issue. Wireless clients can connect to the APs and obtain an IP address. I am able to pass ICMP traffic of any size from a wireless client to corporate resources. However, I cannot use any TCP/UDP applications on the wireless client without manually adjusting the MTU. When the MTU is set to 1500, I cannot pass any traffic. When I set the MTU to 1300 and reboot the XP workstation, I have network access again.
There are no MTU issues present on the wired network at the remote location, just from the LWAPs.
I've adjusted the MTU on the tunnel interfaces to account for GRE/IPSEC tunnel mode overhead.
I've tried IPSEC pre-fragmentation on both sides of the IPSEC/GRE link.
I've verified that no ICMP packets are being dropped and that PMTUD is allowed to take place.
The connection at the remote site is a cable connection with no additional data-link overhead. I have verified this by sourcing packets from the router to the ISP gateway using a packet size of 1500 and specifying the DF bit be set. I am able to pass 1500 byte packets without issue.
The HQ site has an HDLC encapsulated T1, so there is no additional DL overhead there either.
I really don't want to have to modify the MTU manually on every wireless client at this remote site. Any ideas what I'm missing?
Re: MTU problems with lightweight AP at the end of a GRE/IPSEC t
On your Cisco routers, you can adjust the TCP MSS so that new TCP sessions will be set up with smaller segment sizes. This will work for TCP, but not UDP. UDP normally uses smaller packet sizes ... so you might be fine.
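An added illustration, not part of either post and not Cisco's code: what an MSS clamp does to a TCP SYN in transit, rewriting the MSS option and patching the checksum incrementally (RFC 1624). The limit of 1260 used in the usage note is an assumption derived from the 1300-byte client MTU reported in the question, minus 20 bytes of IPv4 header and 20 bytes of TCP header; the addresses, ports and packet are constructed.

```python
import struct

def csum(data: bytes) -> int:
    """RFC 1071 one's-complement sum of 16-bit words, folded to 16 bits."""
    data += b"\x00" * (len(data) % 2)
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def get_mss(tcp: bytes):
    """Return (offset of MSS value, MSS) from the TCP options, or None."""
    hdr_len, i = min((tcp[12] >> 4) * 4, len(tcp)), 20
    while i + 1 < hdr_len and tcp[i] != 0:      # kind 0 ends the option list
        if tcp[i] == 1:                         # NOP is a single byte
            i += 1
            continue
        length = tcp[i + 1]
        if length < 2 or i + length > hdr_len:  # malformed: stop parsing
            return None
        if tcp[i] == 2 and length == 4:
            return i + 2, struct.unpack_from("!H", tcp, i + 2)[0]
        i += length
    return None

def clamp_mss(tcp: bytes, limit: int) -> bytes:
    """Lower the MSS option of a SYN/SYN-ACK to `limit` and fix the checksum."""
    found = get_mss(tcp)
    if not tcp[13] & 0x02 or found is None or found[1] <= limit:
        return tcp                              # nothing to rewrite
    off, _ = found
    out = bytearray(tcp)
    struct.pack_into("!H", out, off, limit)
    s, e = off & ~1, (off + 3) & ~1             # 16-bit aligned span that changed
    hc = struct.unpack_from("!H", tcp, 16)[0]
    # RFC 1624: HC' = ~(~HC + ~m + m'), m/m' = old/new sum of the changed words
    new = csum(struct.pack("!HHH", ~hc & 0xFFFF, ~csum(tcp[s:e]) & 0xFFFF, csum(out[s:e])))
    struct.pack_into("!H", out, 16, ~new & 0xFFFF)
    return bytes(out)

def sample_syn(mss: int = 1460, flags: int = 0x02):
    """Constructed test packet: pseudo-header and a 28-byte TCP SYN header."""
    pseudo = bytes([10, 0, 0, 1, 10, 0, 0, 2, 0, 6, 0, 28])
    tcp = bytearray(struct.pack("!HHIIBBHHH", 49152, 80, 1, 0, 7 << 4, flags, 65535, 0, 0))
    tcp += struct.pack("!BBH", 2, 4, mss) + bytes([1, 1, 4, 2])  # MSS, NOP, NOP, SACK-permitted
    struct.pack_into("!H", tcp, 16, ~csum(bytes(pseudo) + bytes(tcp)) & 0xFFFF)
    return pseudo, bytes(tcp)
```

Calling `clamp_mss(sample_syn()[1], 1260)` returns the same header with the advertised MSS lowered from 1460 to 1260 and a checksum that still validates. Segments without the SYN flag, or already advertising an MSS at or below the limit, pass through unchanged.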