Cisco Cisco Web Security Appliance S670 トラブルシューティングガイド
How do I modify the WSA MTU size to match the
MTU used on routers?
MTU used on routers?
Document ID: 118155
Contributed by Cordelia Naumann and Siddharth Rajpathak, Cisco TAC
Engineers.
Engineers.
Aug 05, 2014
Contents
Question:
Question:
How do I modify the MTU size on WSA to match the MTU used on routers?
Environment: Cisco Web Security Appliance (WSA), WCCP used for traffic redirection
Symptoms: Router performance and/or network traffic is affected due to WSA using higher MTU, typically
seen when WCCP redirection is involved.
seen when WCCP redirection is involved.
When you use WCCP redirection on a router to send redirect traffic to WSA and the router uses a MTU size
that is less than 'WSA MTU size + GRE headers', then you may need to lower the MTU size on WSA so that
WSA's MTU is lower than router's MTU size + size of GRE headers.
that is less than 'WSA MTU size + GRE headers', then you may need to lower the MTU size on WSA so that
WSA's MTU is lower than router's MTU size + size of GRE headers.
Typically this is needed when VPN traffic is being sent to WSA, which has a lower MTU than LAN
traffic
traffic
•
By default, the MTU on WSA interface is 1500.
You can change the MTU on WSA interface from CLI using the below steps:
cli> etherconfig > MTU > <Specify the number for the respective interface>
1.
Specify the MTU
2.
Press <Enter> until to return to original CLI prompt
3.
Use 'commit' and Press <Enter>
4.
If you don't this, WCCP still works, but if there is a MTU mis−match then the router may do a lot of traffic
processing in its CPU instead of a dedicated ASIC chip, which may cause undue strain on the router's CPU.
processing in its CPU instead of a dedicated ASIC chip, which may cause undue strain on the router's CPU.
Updated: Aug 05, 2014
Document ID: 118155