
Larger packets, for example EAP-TLS certificate packets, may be dropped between WLCs and access points in various network topologies.
This has been seen in the following scenarios:

1. The network between the APs and the WLC clears the Don't Fragment bit and/or loses ICMP messages, causing normal ICMP-based Path MTU Discovery to fail.
2. CAPWAP control packets between the APs and the WLC take a different network path than the CAPWAP data packets, and the CAPWAP data path has a lower actual path MTU than the CAPWAP control path. Because CAPWAP PMTUD operates only on control packets, not data packets, it fails to sense the smaller PMTU on the data path, so data packet transmissions may fail.
First, set TCP MSS Adjust. This will take care of client TCP packets, but will not fix the problem for non-TCP packets such as UDP or EAPOL.

Second, fix the network between the APs and WLC:

* don't clear the DF bit
* make sure that "DF needed" ICMP messages are generated and are transmitted to the APs/WLC
* if feasible, increase the path MTU
* do not have the CAPWAP data take a different network path than CAPWAP control.
This bug implements an option to configure a static path MTU for IOS APs. To support static path MTU configuration for AP-COS, track CSCvt16235.

To configure a static path MTU in a deployment with IOS APs, configure the following commands on the WLC:

* To set a global static path MTU across all IOS APs:
    config ap pmtu disable all
  where is a value from 576 to 1485 bytes.
* To enable path MTU discovery across all IOS APs:
    config ap pmtu enable all
* To see the global PMTU setting:
    show ap mtu
* To set a static path MTU value on a single IOS AP:
    config ap pmtu disable
* To enable path MTU discovery on a single IOS AP:
    config ap pmtu enable

There is no command to directly view the static path MTU value on an IOS AP; use the AP IOS command
    show capwap client rcb
to view the current path MTU value.