SRX

 View Only
last person joined: 15 hours ago 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  How to set MTU value through JDHCP access address-assignment

    Posted 06-17-2022 05:23
    Dear colleagues and forum members,

    I am facing a hopefully solvable problem and ask for your help.

    It's about the MTU value I want to set within the SRX DHCP server settings so that the devices get the MTU value assigned by the DHCP server when connecting to the network.

    Here is my configuration and further details:

    I am currently configuring an SRX210H2 (JUNOS software release [12.3X48-D105.4]).

    The ISP provides a connection through DHCP client (fiber network). The MTU value I have to set in the wan-interface configuration to get an IP address is 1500.

    root@SRX210# show interfaces ge-1/0/0
    description ISP_Fiber;
    per-unit-scheduler;
    mtu 1500;
    link-mode full-duplex;
    gigether-options {
    auto-negotiation;
    }
    unit 0 {
    family inet {
    dhcp-client;
    }
    }

    So far so good. The connection works and is stable.

    But, the logical interface ge-1/0/0.0 no longer has the MTU value of 1500 after the IP address has been assigned, but only 1486.

    root@SRX210# run show interfaces ge-1/0/0
    [...]
    Logical interface ge-1/0/0.0 (Index 87) (SNMP ifIndex 533)
    Flags: SNMP-Traps 0x0 Encapsulation: ENET2
    Input packets : 585528
    Output packets: 220947
    Security: Zone: Internet
    Allowed host-inbound traffic : bootp bfd bgp dvmrp igmp ldp msdp nhrp ospf
    pgm pim rip router-discovery rsvp sap vrrp dhcp ping
    Protocol inet, MTU: 1486
    Flags: Sendbcast-pkt-to-re, Is-Primary
    Addresses, Flags: Is-Default Is-Preferred Is-Primary
    Destination: x.x.x.x, Local: x.x.x.x
    Broadcast: x.x.x.x

    My PCs and Wifi devices get their IP addresses assigned by DHCP servers (JDHCP, access address-assignment settings), like e.g.

    root@SRX210# show access address-assignment
    pool LAN-pool {
    family inet {
    network 10.0.0.0/24;
    range LAN-range {
    low 10.0.0.100;
    high 10.0.0.199;
    }
    dhcp-attributes {
    name-server {
    8.8.8.8;
    }
    router {
    10.0.0.1;
    }
    }
    ...

    However, these computers and devices have the standard MTU value of 1500, which causes the Internet connections to stick, break or some websites cannot be called up at all.

    If I manually change the MTU value of the devices' network adapter to 1486 through Windows PowerShell, the Internet connection works fine.

    Now my question: How can I set the MTU value of the workstations using the SRX configuration of the DHCP servers so that all devices are automatically assigned get the mandatory MTU value 1486?

    Or is there perhaps a completely different approach?

    Any help is greatly appreciated.

    ------------------------------
    Steve
    ------------------------------


  • 2.  RE: How to set MTU value through JDHCP access address-assignment

    Posted 06-21-2022 13:52
    You might try this as an overall approach.

    > set security flow tcp-mss all-tcp mss 1400, or what ever size you want.  

    We had similar problems over a VPN, and had to use the >set security flow tcp-mss ipsec-vpn mss 1400 command.  No problems since.

    Good luck.