Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations Chriss Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Interface link speed 3
- Thread starter DomenicoC
- Start date
-
1
- #2
-
1
- #3
jneiberger
Technical User
Do you have a good reason for not leaving the speed and duplex at the default setting of AUTO?
- Thread starter
- #4
jneiberger
Technical User
I wouldn't hard-set the speed and duplex settings unless you're actually seeing interface-level errors. I don't have a lot of experience with troubleshooting packet drops on VPN tunnels. My first thought is that perhaps you are having MTU issues.
- Thread starter
- #6
jneiberger
Technical User
Do a "show int" on your router and you'll see if there are interface-level errors. If there aren't any then don't mess around with your speed and duplex settings. Leave it at AUTO.
I would recommend beginning a new thread titled "Packet Drops on VPN Tunnel" and you'll probably get more help from people more qualified than me. I've had some experience with VPNs but probably not enough to help you out.
I would recommend beginning a new thread titled "Packet Drops on VPN Tunnel" and you'll probably get more help from people more qualified than me. I've had some experience with VPNs but probably not enough to help you out.
-
1
- #8
There's a problem with packets exceeding the MTU due to VPN overhead and having the DF bit set.
Try, on the interfaces, "ip policy route-map clear-df" and a route policy:
route-map clear-df permit 10
match ip address 101
set ip df 0
and an ACL:
access-list 102 permit ip 192.168.0.0 0.0.0.255 any
.. etc.
This will force the router to clear the DF bit and fragment regardless of what the sender specified. This may not be your issue, but is something that we found affecting VPN traffic.
Try, on the interfaces, "ip policy route-map clear-df" and a route policy:
route-map clear-df permit 10
match ip address 101
set ip df 0
and an ACL:
access-list 102 permit ip 192.168.0.0 0.0.0.255 any
.. etc.
This will force the router to clear the DF bit and fragment regardless of what the sender specified. This may not be your issue, but is something that we found affecting VPN traffic.
- Thread starter
- #9
Thank you everyone for your advice. I have to throw a curve ball into the equation. The connections worked perfect for about 10-20 minutes. I disconnected it and connected it again and it started dropping packets once again. Any ideas on what might be going on?
Cheers,
Dom
Cheers,
Dom
jneiberger
Technical User
Try to nail down exactly where the packets are being dropped. Are they being dropped in VPN tunnel? Are they being dropped at the interface due to errors?
How are you determining that packet loss is actually occurring?
How are you determining that packet loss is actually occurring?
- Thread starter
- #11
jneiberger
Technical User
When you do a ping from that workstation and the pings start failing, do they all start failing or is the packet loss intermittent?
When the packet loss begins to occur, can you try pinging with different packet sizes to see if smaller packets don't fail?
Is you interface seeing any errors at all?
When the packet loss begins to occur, can you try pinging with different packet sizes to see if smaller packets don't fail?
Is you interface seeing any errors at all?
- Status
Similar threads
- Locked
- Question