How to change the MTU of a GRE tunnel

By arunhasan1 posted Aug 07, 2014 10:19 AM


GRE tunnel is created between the Access Point and controller to for the Service Set Identifier (SSID). The default MTU for the GRE tunnel is 1500 bytes for the Campus Access Point (CAP) and 1200 bytes for the Remote Access Point (RAP).


In some deployment scenario, the CAP is install in the branch office is connected to the corporate network via the IPSEC tunnel established between two external VPN endpoints. Packet fragmentation will occur if the MTU size for the GRE tunnel is at the default of 1500 bytes. Packets fragmentation will generally cause degraded throughput and performance. 


Perform the following steps to change the MTU to 1200 bytes to avoid packet fragmentation for this deployment scenario. 

Web UI: 
1. Login with your administrator account username and password. 
2. Click on Configuration -> WIRELESS (AP Configuration) -> Select the AP Group name where the change is needed -> AP (AP system) -> General (SAP MTU), Enter 1200 
3. Click APPLY 
4. Click Save configuration 

1. SSH to the master mobility controller with the administrator username and password. 
2. Enter the enable mode if bypass is disabled. 
3. Note down the name of the AP GROUP where the change is needed. 
3. Type "config t" 
4. Type "ap system-profile <name of the profile> 
5. Type "mtu 1200". This will change the MTU to 1200 bytes. 

ap-group "gretesting" 
virtual-ap "gretesting123" 
ap-system-profile "gretestingsyspro" 

ap system-profile "gretestingsyspro" 
mtu 1200


To verify the MTU value,SSH to the controller where the AP is terminated and type "show ap bss" command. Check the value under the MTU column. 

(static-master) #show ap bss 

fm (forward mode): T-Tunnel, S-Split, D-Decrypt Tunnel, B-Bridge (s-standard, p-persistent, b-backup, a-always) 

Aruba AP BSS Table 
bss ess port ip phy type ch/EIRP/max-EIRP cur-cl ap name in-t(s) tot-t mtu acl-state acl fm 
--- --- ---- -- --- ---- ---------------- ------ ------- ------- ----- --- --------- --- -- 
00:1a:1e:8f:a0:80 gretesting123 N/A g-HT ap 11/34/20.5 0 00:1a:1e:c0:fa:08 0 2m:31s 1200 - 60 T 
00:1a:1e:8f:a0:90 gretesting123 N/A a-HT ap 149+/35.5/20 0 00:1a:1e:c0:fa:08 0 2m:31s 1200 - 60 T 

Port information is available only on 6xx controller. 
Channel followed by "*" indicates channel selected due to unsupported configured channel. 
"Spectrum" followed by "^" indicates Local Spectrum Override in effect. 

Num APs:2 
Num Associations:0