Wireless Access

 View Only
last person joined: 4 days ago 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Expand all | Collapse all

MSS MTU/PMTUD Settings for Client Side?

This thread has been viewed 28 times
  • 1.  MSS MTU/PMTUD Settings for Client Side?

    Posted Sep 21, 2023 10:28 AM

    Hey Everyone. Here's our scenario. We have 2 offsite locations without Wireless controllers, connected over IPSec tunnels through our Palo firewalls. We landed Aruba APs (525/555/565/575s) at these sites as Campus APs. The issue we are running into is connectivity has been atrocious and narrowed it down to some sort of  MTU issue, probably with the added bytes due to the IPSEC tunnel. If I set the MTU on the client manually to something in the 1100 to 1400 range our upload and download speeds improve significantly. Is there a setting to adjust client MSS MTU from the controller? Does Aruba support PMTUD and does this need to be enabled?

    Current MTU settings:
    Crypto IPSEC: 1500
    SAP MTU: 1500
    RAP MTU: 1300 (Is this only used for GRE?)

    Post

    Thanks for any assistance!



  • 2.  RE: MSS MTU/PMTUD Settings for Client Side?

    EMPLOYEE
    Posted Sep 21, 2023 03:38 PM

    Are you saying that you are running an AP in Campus mode across a WAN connection to a controller?



    ------------------------------
    Carson Hulcher, ACEX#110
    ------------------------------



  • 3.  RE: MSS MTU/PMTUD Settings for Client Side?

    Posted Sep 25, 2023 05:43 PM

    Yes that's correct. 2 of our sites have APs in Campus mode and they are just connecting to a controller over the WAN IPSEC Tunnel.




  • 4.  RE: MSS MTU/PMTUD Settings for Client Side?

    EMPLOYEE
    Posted Sep 25, 2023 05:54 PM

    That is very much not a supported setup.  First and foremost because CAP to MC requires a minimum MTU of 1500 bytes and prefers jumbo operation of at least 1578.

    The only controller based AP deployment that is fully supported across a WAN connection is Remote AP, which is designed for single AP installations.

    Local controllers or IAP-VPN would be the appropriate installation when using AOS 8 and needing to traverse a WAN connection.


    ------------------------------
    Carson Hulcher, ACEX#110
    ------------------------------



  • 5.  RE: MSS MTU/PMTUD Settings for Client Side?

    Posted Sep 25, 2023 06:22 PM

    @chulcher I appreciate the quick reply. Thank You.