I had this same problem when I started using 802.1Q tagging. It appears
that different NICs can packetize the data differently - smaller packets,
regardless of the MTU set. After allowing for the extra overhead of the
802.1Q tags, and a little more, I have been using 1400 in the m0n0wall (no
change in the PC's) for a few weeks now and have not had any problems.
----- Original Message -----
From: "Raphael Maunier" <raphael at maunier dot net>
To: <m0n0wall at lists dot m0n0 dot ch>
Sent: Monday, June 06, 2005 4:07 AM
Subject: [m0n0wall] Vlan & Mtu problem
> Hi all,
> I have some pb with Vlan and Monowall.
> Here is my configuration:
> Monowall with 3 lan interfaces using 1.2b8
> - Public
> - Customers
> - Backup server
> All interfaces are connected on a cisco switch.
> All customers have to be on different subnet and don't have to see each
> I use 802.1Q on customers interface.
> Ip configuration is /27 for all Vlan interfaces
> All Servers are Win2K3.
> Customers have to connect using PPTP (@home) and Ipsec (@work).
> Config ot the trunk
> sh run interface fastEthernet 0/47
> Building configuration...
> Current configuration:
> interface FastEthernet0/47
> description Customers 802.1Q Trunk
> switchport trunk encapsulation dot1q
> switchport mode trunk
> spanning-tree portfast
> sh int status | i Fa0/47
> Fa0/47 Customers 802.1Q T connected trunk A-Full A-100
> For the test, all rules are "accept" between all interfaces. I have 2 W2K3
> on 2 differents interfaces.
> Both servers are able to ping each other. But when I try do use rdp from
> one interface to another, it doesn't work, even if I use "Allow fragmented
> packets". I also tried with PPTP.
> I finally sorted out using an MTU of 1468 on the win2K3 srv.
> I thought that is was the end but into the Ipsec tunnel unable to use rdp.
> I changed the MTU from 1468 to 1400 and it's seems to work this way.
> The problem seems to be located only on Giga Intel card. I tried with an
> Via ethernet card and no problem...
> FYI, I also test this configuration without vlan and only physical
> interface with default MTU value and all is ok.
> How can I be sure that the 1400 value for the Mtu will be the good one ?
> Raphaël Maunier
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch