The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
This document describes how to understand and troubleshoot MTU (Maximum Transmission Unit) on Catalyst 9000 series switches.
There are no specific requirements for this document.
The information in this document is based on these hardware versions:
Note: You can configure the MTU size for all interfaces on a device at the same time with the global command "system mtu". As of Cisco IOS® XE 17.1.1, Catalyst 9000 switches support Per-Port MTU. Per-Port MTU supports port level and port channel level MTU configuration. With Per-Port MTU you can set different MTU values for different interfaces as well as different port channel interfaces.
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, ensure that you understand the potential impact of any command.
Note: Consult the appropriate configuration guide for the commands that are used in order to enable these features on other Cisco platforms.
Total Fram Size = MTU + L2 Header
Port Type |
Default MTU - Bytes |
Configured MTU - Bytes |
L2 Header |
Total Frame Size |
L2 Access |
1500 |
18 |
1518 |
|
9216 |
18 |
9234 |
||
L2 Trunk |
1500 |
22 |
1522 |
|
9216 |
22 |
9238 |
||
L3 Physical port |
1500 |
18 |
1518 |
|
9216 |
18 |
9234 |
||
L3 SVI |
1500 |
18 |
1518 |
|
9216 |
18 |
9234 |
||
IP MTU on L3 port |
1500 |
Range is supported |
18 |
Based on the ip mtu configured value |
What is MTU?
What is L2 header and its length?
What is the packet length handled by an interface?
What is Default MTU?
Does MTU check happen Ingress or Egress?
Egress: MTU is the Maximum Transmission Unit, it is an Egress check, the decision to fragment or transmit as is or drop is decided for egress
Note: If a packet has the DF (Don't Fragment) bit set in the IP header and Port MTU is less than the packet to be routed, Packet it is dropped
Ingress: MTU check is also done for packets which arrive at an interface
What are Jumbo Packets?
Are Jumbo packets or Oversized packets considered error packets ?
What is the Minimum Packet Size a port can handle?
What happens when the System MTU is 9216 and SVL header adds an additional 64 bytes?
What is IP MTU?
What is the difference between System MTU and Per-Port MTU?
What is the impact of fragmentation due to MTU limitations?
What is PMTUD (Path MTU Discovery)?
IPv6 MTU
Standard Ethernet Frame, with no Dot1Q, or other tags
Dot1Q Ethernet Frame
This configuration can be done globally, or at the per-port level with Cisco IOS® XE 17.1.1 or higher, Check your hardware supports this configuration.
### Global System MTU set to 1800 bytes ###
9500H(config)#system mtu ?
<1500-9216> MTU size in bytes <-- Size range that is configurable
9500H(config)#system mtu 1800 <-- Set global to 1800 bytes
Global Ethernet MTU is set to 1800 bytes.
Note: this is the Ethernet payload size, not the total
Ethernet frame size, which includes the Ethernet
header/trailer and possibly other tags, such as ISL or
802.1q tags. <-- CLI provides information about what is counted as MTU
### Per-Port MTU set to 9216 bytes ###
9500H(config)#int TwentyFiveGigE1/0/1
9500H(config-if)#mtu 9126 <-- Interface specific MTU configuration
This section describes how to verify both the software and hardware settings for MTU.
Software MTU Verification
9500H#show system mtu
Global Ethernet MTU is 1800 bytes. <-- Global level MTU
9500H#show interfaces mtu
Port Name MTU
Twe1/0/1 9216 <-- Per-Port MTU override
Twe1/0/2 1800 <-- No per-port MTU uses global MTU
<...snip...>
9500H#show interfaces TwentyFiveGigE 1/0/1 | inc MTU
MTU 9216 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
9500H#show interfaces TwentyFiveGigE 1/0/2 | inc MTU
MTU 1800 bytes, BW 25000000 Kbit/sec, DLY 10 usec,
Hardware MTU Verification
9500H#show platform software fed active ifm mappings
Interface IF_ID Inst Asic Core Port SubPort Mac Cntx LPN GPN Type Active
TwentyFiveGigE1/0/1 0x8 1 0 1 20 0 16 4 1 101 NIF Y <-- Retrieve the IF_ID for use in the next command
TwentyFiveGigE1/0/2 0x9 1 0 1 21 0 17 5 2 102 NIF Y
9500H#show platform software fed active ifm if-id 0x8 | inc MTU
Jumbo MTU ............ [9216] <-- Hardware matches software configuration
9500H#show platform software fed active ifm if-id 0x9 | in MTU
Jumbo MTU ............ [1800] <-- Hardware matches software configuration
Note: 'show platform software fed <active|standby>' can vary. Certain platforms require 'show platform hardware fed switch <active|standby|sw_num>'
If either of these counters increment it usually it means that the received packets have arrived over the configured MTU.
9500H#show int twentyFiveGigE 1/0/3 | i MTU
MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec,
0 runts, 0 giants, 0 throttles <-- No giants counted
9500H#show controllers ethernet-controller twentyFiveGigE 1/0/3 | i ValidOverSize
0 Deferred frames 0 ValidOverSize frames <-- No giants counted
### 5 pings from neighbor device with MTU 1800 to ingress port MTU 1500 ###
9500H#show int twentyFiveGigE 1/0/3 | i MTU|giant
MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec,
0 runts, 5 giants, 0 throttles <-- 5 giants counted
9500H#show controllers ethernet-controller twentyFiveGigE 1/0/3 | i ValidOverSize
0 Deferred frames 5 ValidOverSize frames <-- 5 giants counted
Details about theshow controllers ethernet-controller command
9500H#show controllers ethernet-controller twentyFiveGigE 1/0/3 | i Fcs|InvalidOver
0 Good (>1 coll) frames 0 InvalidOverSize frames <-- MTU too large and bad CRC
0 Gold frames dropped 0 FcsErr frames <-- MTU within limits with bad CRC
This section describes how to configure ip mtu on a tunnel interface
C9300(config)#interface tunnel 1
C9300(config-if)#ip mtu 1400
interface Tunnel1
ip address 10.11.11.2 255.255.255.252
ip mtu 1400 <-- IP MTU command sets this line at 1400
ip ospf 1 area 0
tunnel source Loopback0
tunnel destination 192.168.1.1
Software IP MTU Verification
C9300#sh ip interface tunnel 1 <-- Show the IP level configuration of the interface
Tunnel1 is up, line protocol is up
Internet address is 10.11.11.2/30
Broadcast address is 255.255.255.255
Address determined by setup command
MTU is 1400 bytes <-- max size of IP packet before fragmentation occurs
Hardware IP MTU Verification
C9300#sh platform software fed switch active ifm interfaces tunnel
Interface IF_ID State
----------------------------------------------------------------------
Tunnel1 0x00000050 READY <-- Retrieve the IF_ID for use in the next command
C9300#sh platform software fed switch active ifm if-id 0x00000050
Interface IF_ID : 0x0000000000000050 <-- The interface ID (IF_ID)
Interface Name : Tunnel1
Interface Block Pointer : 0x7fe98cc2d118
Interface Block State : READY
Interface State : Enabled
Interface Status : ADD, UPD
Interface Ref-Cnt : 4
Interface Type : TUNNEL
<...snip...>
Tunnel Sub-mode: 0 [none]
Hw Support : Yes
Tunnel Vrf : 0
IPv4 MTU : 1400 <-- Hardware matches software configuration
<...snip...>
When packets are sent through a Tunnel interface, fragmentation can happen in two ways noted in these examples.
Standard IP Fragmentation
Fragmentation of the original packet to reduce MTU before tunnel encapsulation.
### Tunnel Source Device: Tunnel IP MTU 1400 | Interface MTU 1500 ###
C9300#ping 172.16.1.1 source Loopback 1 size 1500 repeat 10 <-- ping with size over IP MTU 1400
Type escape sequence to abort.
Sending 100, 1500-byte ICMP Echos to 172.16.1.1, timeout is 2 seconds:
Packet sent with a source address of 172.16.2.1
!!!!!!!!!!
Success rate is 100 percent (100/100), round-trip min/avg/max = 1/1/1 ms
### Tunnel Destination Device: Ingress Capture Twe1/0/1 ###
9500H#show monitor capture 1
Status Information for Capture 1
Target Type:
Interface: TwentyFiveGigE1/0/1, Direction: IN <-- Ingress Physical interface
9500H#sh monitor capture 1 buffer br | inc IPv4|ICMP
9 22.285433 172.16.2.1 b^F^R 172.16.1.1 IPv4 1434 Fragmented IP protocol (proto=ICMP 1, off=0, ID=6c03)
10 22.285526 172.16.2.1 b^F^R 172.16.1.1 ICMP 162 Echo (ping) request id=0x0004, seq=0/0, ttl=255
11 22.286295 172.16.2.1 b^F^R 172.16.1.1 IPv4 1434 Fragmented IP protocol (proto=ICMP 1, off=0, ID=6c04)
12 22.286378 172.16.2.1 b^F^R 172.16.1.1 ICMP 162 Echo (ping) request id=0x0004, seq=1/256, ttl=255
<-- Fragmentation occurs on the Inner ICMP packet (proto=ICMP 1)
<-- Fragments are not reassembled until they reach the actual endpoint device 172.16.1.1
Post Tunnel Encapsulation Fragmentation
Fragmentation of the actual tunnel packet to reduce MTU once encapsulation has occurred, but the device detects MTU is too large.
### Tunnel Source Device: Tunnel IP MTU 1500 | Interface MTU 1500 ###
C9300(config-if)#ip mtu 1500
%Warning: IP MTU value set 1500 is greater than the current transport value 1476, fragmentation may occur
<-- Device warns the user that this can cause fragmentation (this is a configuration issue)
### Tunnel Destination Device: Ingress Capture Twe1/0/1 ###
9500H#show monitor capture 1
Status Information for Capture 1
Target Type:
Interface: TwentyFiveGigE1/0/1, Direction: IN <-- Ingress Physical interface
9500H#sh monitor capture 1 buffer br | i IPv4|ICMP
1 0.000000 192.168.1.2 b^F^R 192.168.1.1 IPv4 1514 Fragmented IP protocol (proto=Generic Routing Encapsulation 47, off=0, ID=4501)
2 0.000042 172.16.2.1 b^F^R 172.16.1.1 ICMP 60 Echo (ping) request id=0x0005, seq=0/0, ttl=255
3 2.000598 192.168.1.2 b^F^R 192.168.1.1 IPv4 1514 Fragmented IP protocol (proto=Generic Routing Encapsulation 47, off=0, ID=4502)
4 2.000642 172.16.2.1 b^F^R 172.16.1.1 ICMP 60 Echo (ping) request id=0x0005, seq=1/256, ttl=255
<-- Fragmentation has occurred on the outer GRE header(proto=Generic Routing Encapsulation 47)
<-- Fragments must be reassembled at the Tunnel endpoint, in this case the 9500
Cisco bug ID CSCvr84911 System MTU not respected after reload
Cisco bug ID CSCvq30464CAT9400: MTU config not applied to inactive ports which become active
Cisco bug ID CSCvh04282 Cat9300 non-default system MTU config value is not respected after reload
Revision | Publish Date | Comments |
---|---|---|
2.0 |
12-May-2023 |
Recertification |
1.0 |
07-Jul-2021 |
Initial Release |