Support User Manuals

Enterasys Networks XSR CLI Router User Manual

Open as PDF

of 684

DF Bit Commands

14-138 Configuring the VPN

Defaults

• Disabled

• Copysetting

Mode

Globalconfiguration:XSR(config)#

Example

ThefollowingexampleclearstheDFbitonallinterfaces:

XSR(config)#crypto ipsec df-bit clear

crypto ipsec df-bit (Interface configuration)

ThiscommandsetstheDFbitfortheencapsulatingheaderinVPNTunnelModetoaspecific

interface.

TheclearsettingfortheDFbitshouldbeusedforencapsulatingTunnelModeIPSectrafficwhen

youcantransmitpacketslargerthanthe availableMTUsizeoryoudonotknowthe

available

MTUsize.

Syntax

crypto ipsec df-bit {clear | set | copy}

Defaults

• Disabled

• Copysetting

Mode

Interfaceconfiguration:XSR(config-if<xx>)#

Example

ThefollowingexamplesetstheDFbitonF1:

XSR(config-if<F1>)#crypto ipsec df-bit set

copy

XSRwillsearchtheoriginalpacketfortheouterDFbitsetting.

Note: This command overrides any existing DF bit global settings.

clear

XSRwillcleartheDFbitfromtheouterIPheader;theroutermay

fragmentthepackettoaddIPSecencapsulation.

set

XSRwillsettheDFbitintheouterIPheaderbuttheroutermay

fragmentthepacketiftheoriginalpackethadtheDFbitcleared.

copy

XSRwillsearchtheoriginalpacketfortheouterDFbitsetting.

previous next