Interface MTU Too Large — Fragmentation or Black Hole Routing
Presenting Symptom
Users report that large file transfers or certain applications fail intermittently, while small packets (e.g., ping with size 100) succeed.
Network Context
A small branch office with a Cisco 4321 ISR router (IOS XE 16.9) connects to the corporate HQ via a WAN link (T1, 1.544 Mbps). The router's GigabitEthernet0/0/0 interface (facing the LAN) has an MTU of 1500 bytes, but the serial interface (Serial0/0/0, facing the WAN) has an MTU of 1400 bytes due to a misconfiguration. The LAN has a mix of Windows and Linux hosts.
Diagnostic Steps
Check interface MTU configuration
```
show interfaces Serial0/0/0 | include MTU
  MTU 1400 bytes, BW 1544 Kbit/sec, DLY 20000 usec,
```
The serial MTU is 1400 bytes, 100 bytes smaller than the 1500-byte Ethernet MTU on the LAN side. Any 1500-byte packet arriving from the LAN therefore has to be fragmented by the router (DF bit clear) or dropped (DF bit set); the second case is what turns into black hole routing.
Test connectivity with different packet sizes
```
ping 10.1.1.1 size 1400 df-bit
ping 10.1.1.1 size 1500 df-bit
```
Success for size 1400; failure (e.g., '.....' or 'U.U.U') for size 1500.
With the DF bit set, any ping larger than 1400 bytes fails because the router may not fragment it for the serial link. Two caveats when reading this: IOS `ping size` is the size of the whole IP datagram, so 1400 is exactly the serial MTU, whereas Linux `ping -s` counts only the ICMP payload, so the equivalent host-side probes are `ping -M do -s 1372 10.1.1.1` and `-s 1472` (subtract the 20-byte IP and 8-byte ICMP headers); on Windows use `ping -f -l 1372`. In IOS ping output, '.' is a timeout, 'U' is a generic destination unreachable and 'M' means "could not fragment", i.e. an ICMP fragmentation-needed message actually came back. If you only ever see '.', suspect that those ICMP messages are being filtered somewhere.
Check for ICMP unreachable messages
```
debug ip icmp
ICMP: dst (10.1.1.1) frag. needed and DF set unreachable sent to 10.1.1.2
```
The router is generating ICMP type 3 code 4 ('fragmentation needed and DF set') toward the sender, 10.1.1.2. If a firewall or ACL between the router and the sender drops these messages, the sender never learns to reduce its packet size and large packets simply vanish: black hole routing. Two router-side checks belong here as well: `no ip unreachables` on the inbound interface silently suppresses these messages (check `show running-config interface GigabitEthernet0/0/0`), and IOS rate-limits unreachables (`ip icmp rate-limit unreachable`), so the debug output may show fewer messages than drops. `debug ip icmp` costs CPU on a busy router; turn it off with `undebug all` as soon as you have the evidence.
Verify path MTU discovery behavior
```
show ip traffic | include ICMP
ICMP: 10 unreachables sent
```
Confirms that ICMP unreachable messages are being generated. Re-run the command after another round of large pings: a counter that keeps climbing while the pings fail means the router is doing its part and the messages are being lost downstream; a counter that stays flat means the router is not sending them (or the large packets never reach it).
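The same size probing, run from one of the LAN hosts instead of from the router, as an added example that is not part of the original page. It automates the DF-bit ping on Linux (`ping -M do`), binary-searches for the largest datagram that gets through, and reports whether the result is below the host's own MTU. The 576..1500 search window and the `diagnose` helper are assumptions for illustration; `ping_df` shells out to the system ping, while the search itself takes an injectable probe so it can be exercised offline against a simulated 1400-byte hop.

```python
"""Find the path MTU from a Linux LAN host with DF-marked pings.

Added example, not from the original page. 10.1.1.1 is the page's far-end
address; the 576..1500 search window is an assumption. `ping -M do` sets DF
and refuses local fragmentation; `-s` is the ICMP payload, so the IP datagram
is 28 bytes larger (20 IP + 8 ICMP). Cisco IOS `ping size` is the whole
datagram, so IOS size 1400 corresponds to Linux -s 1372.
"""
import subprocess
import sys
from typing import Callable, Optional

IP_ICMP_OVERHEAD = 20 + 8   # IPv4 header + ICMP echo header


def ping_df(host: str, payload: int) -> bool:
    """One DF-marked echo; True only if a reply came back. A local
    'message too long' and a silent timeout (black hole) both count as False."""
    cmd = ["ping", "-M", "do", "-c", "1", "-W", "1", "-s", str(payload), host]
    return subprocess.run(cmd, stdout=subprocess.DEVNULL,
                          stderr=subprocess.DEVNULL).returncode == 0


def find_path_mtu(host: str, probe: Callable[[str, int], bool] = ping_df,
                  low: int = 576, high: int = 1500) -> Optional[int]:
    """Largest IP datagram size that reaches host with DF set, found by
    binary search between low (assumed good) and high (the host's own MTU).
    Returns None when even the floor fails, which points at reachability,
    not MTU. When ICMP is filtered the failing probes time out instead of
    failing fast, so a slow search is itself a black-hole symptom."""
    if not probe(host, low - IP_ICMP_OVERHEAD):
        return None
    if probe(host, high - IP_ICMP_OVERHEAD):
        return high                      # nothing in the path is smaller than we are
    while high - low > 1:                # invariant: low passes, high fails
        mid = (low + high) // 2
        if probe(host, mid - IP_ICMP_OVERHEAD):
            low = mid
        else:
            high = mid
    return low


def diagnose(path_mtu: Optional[int], local_mtu: int = 1500) -> str:
    """Turn the search result into the one-line conclusion a ticket needs."""
    if path_mtu is None:
        return "host unreachable even at the search floor: not an MTU problem"
    if path_mtu < local_mtu:
        return f"path MTU {path_mtu} < local MTU {local_mtu}: a hop in the path has a smaller MTU"
    return "no MTU restriction in the path"


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "10.1.1.1"
    found = find_path_mtu(target)
    print(target, found, diagnose(found))
```

Run it as `python3 pmtu_probe.py 10.1.1.1` from a LAN host; against the scenario above it should settle on 1400 and print the "smaller MTU" diagnosis, with each failing probe taking the full one-second timeout if the router's ICMP messages are being filtered.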
Root Cause
The serial interface (Serial0/0/0) has an MTU of 1400 bytes, while the LAN interface (GigabitEthernet0/0/0) has an MTU of 1500 bytes. When a host sends a 1500-byte packet with the DF bit set, the router cannot fragment it, drops it, and sends an ICMP 'fragmentation needed' (type 3, code 4) message back carrying the next-hop MTU. If that ICMP message is blocked (e.g., by an ACL or firewall), the sender never reduces its packet size, and every large packet disappears into a black hole while small ones keep working. Modern Windows and Linux hosts set DF on TCP segments by default, so almost all bulk TCP traffic is affected; packets sent without DF are fragmented instead, which arrives but costs router CPU and loses the whole datagram whenever any one fragment is lost.
Resolution
Set the serial interface MTU back to 1500 so it matches the LAN side: `mtu 1500` under `interface Serial0/0/0` (1500 is the IOS default for serial interfaces, so `no mtu` has the same effect). If the WAN provider genuinely limits the link to 1400 bytes, keep the MTU and instead clamp TCP with `ip tcp adjust-mss 1360` (1400 minus 40 bytes of IP and TCP headers) on GigabitEthernet0/0/0, and make sure every ACL and firewall between the router and the LAN hosts permits ICMP type 3 code 4 so that non-TCP traffic can still discover the path MTU.
Verification
After applying the fix, verify the MTU and test connectivity:
```
show interfaces Serial0/0/0 | include MTU
ping 10.1.1.1 size 1500 df-bit
```
Expected output: MTU 1500 bytes, and the ping with size 1500 and the DF bit set succeeds ('!!!!!'). Because a ping sourced on the router only exercises the router's own egress, also repeat the large-ping test from a LAN host (Linux `ping -M do -s 1472 10.1.1.1`) and retry the file transfer that originally failed.
Prevention
1. Keep the MTU consistent on every interface in the path, especially where the LAN meets the WAN; a single 1400-byte hop sets the path MTU for everything behind it.
2. Use `ip tcp adjust-mss` on the router to clamp the TCP MSS to the smallest MTU minus 40 bytes (1360 for a 1400-byte link). This avoids fragmentation for TCP without depending on ICMP, but does nothing for UDP or tunnelled traffic.
3. Permit ICMP unreachable type 3 code 4 ('fragmentation needed') in ACLs and firewalls in both directions, and do not configure `no ip unreachables` on interfaces that must originate them, so Path MTU Discovery keeps working for every protocol.
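To make the root cause and the prevention items concrete, here is an added simulation (not from the page) of the exchange: the sender's 1500-byte DF datagram, the router's ICMP type 3 code 4 message with the next-hop MTU field from RFC 1191, and the sender shrinking its path MTU, run once with the ICMP delivered and once with it filtered. The checksum and header layouts are the real ones; the addresses (10.1.1.2 sender, 10.1.1.254 router), the four-attempt limit and the `tcp_mss_for` helper are assumptions for illustration.

```python
"""Path MTU Discovery across a 1500/1400 MTU boundary, with and without
ICMP filtering. Added example, not from the original page; addresses
(10.1.1.2 sender, 10.1.1.254 router, 10.1.1.1 destination) and the
four-attempt limit are assumptions for illustration. Builds the real ICMP
Destination Unreachable / Fragmentation Needed message (type 3, code 4,
next-hop MTU field from RFC 1191) that a router emits for a too-big DF packet.
"""
import socket
import struct

ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED = 3, 4
IP_DF = 0x4000            # "Don't Fragment" flag in the IPv4 flags field
IP_MIN_MTU = 68           # RFC 791 floor; anything smaller is garbage or forged


def inet_checksum(data: bytes) -> int:
    """RFC 1071 ones'-complement sum; yields 0 when run over a valid message."""
    if len(data) % 2:
        data += b"\x00"
    s = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return (~s) & 0xFFFF


def ipv4_header(src: str, dst: str, total_len: int, df: bool = True, proto: int = 1) -> bytes:
    """20-byte IPv4 header (no options) with a correct header checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234,
                      IP_DF if df else 0, 64, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", inet_checksum(hdr)) + hdr[12:]


def frag_needed(dropped: bytes, next_hop_mtu: int) -> bytes:
    """ICMP type 3 code 4: type, code, checksum, unused, next-hop MTU, then the
    dropped datagram's IP header plus 8 bytes (enough to match it to a socket)."""
    body = struct.pack("!BBHHH", ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED, 0, 0, next_hop_mtu)
    body += dropped[:28]
    return body[:2] + struct.pack("!H", inet_checksum(body)) + body[4:]


def parse_frag_needed(icmp: bytes):
    """Next-hop MTU from a frag-needed message, or None if it is not one, is
    corrupt, or carries an impossible MTU. The checksum only catches damage,
    not forgery, so a receiver still has to sanity-check the value."""
    if len(icmp) < 8 or inet_checksum(icmp) != 0:
        return None
    t, c, _, _, mtu = struct.unpack("!BBHHH", icmp[:8])
    if (t, c) != (ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED) or mtu < IP_MIN_MTU:
        return None
    return mtu


def router_forward(datagram: bytes, egress_mtu: int, router_ip: str):
    """What the WAN router does with one datagram arriving from the LAN side."""
    total_len, flags = struct.unpack("!H2xH", datagram[2:8])
    if total_len <= egress_mtu:
        return "forward", datagram
    if not flags & IP_DF:
        return "fragment", datagram        # DF clear: fragmented, costs CPU, arrives
    src = socket.inet_ntoa(datagram[12:16])   # DF set and too big: drop and tell the source
    icmp = frag_needed(datagram, egress_mtu)
    return "icmp", ipv4_header(router_ip, src, 20 + len(icmp)) + icmp


def pmtud_session(dst: str, egress_mtu: int, icmp_filtered: bool = False,
                  max_tries: int = 4, start_mtu: int = 1500):
    """Sender starts at its own interface MTU with DF set and shrinks only when
    a frag-needed message reaches it. Returns (final pmtu, delivered, log)."""
    pmtu, log = start_mtu, []
    for _ in range(max_tries):
        dgram = ipv4_header("10.1.1.2", dst, pmtu) + b"\x00" * (pmtu - 20)
        verdict, pkt = router_forward(dgram, egress_mtu, "10.1.1.254")
        if verdict in ("forward", "fragment"):
            log.append(f"{pmtu}-byte datagram delivered ({verdict})")
            return pmtu, True, log
        if icmp_filtered:                 # the black hole: an ACL eats type 3 code 4
            log.append(f"{pmtu}-byte datagram dropped; ICMP filtered, sender sees only a timeout")
            continue
        new_mtu = parse_frag_needed(pkt[20:])   # strip the router's own IP header
        if new_mtu is None:
            log.append("unparseable ICMP ignored")
            continue
        log.append(f"{pmtu}-byte datagram dropped; frag-needed reports next-hop MTU {new_mtu}")
        pmtu = new_mtu
    return pmtu, False, log


def tcp_mss_for(mtu: int) -> int:
    """MSS to clamp to so no TCP segment exceeds the WAN MTU: MTU minus the
    20-byte IP and 20-byte TCP headers (1400 -> 1360, as in ip tcp adjust-mss 1360)."""
    return mtu - 40


if __name__ == "__main__":
    for filtered in (False, True):
        label = "ICMP filtered" if filtered else "ICMP allowed"
        print(label, pmtud_session("10.1.1.1", 1400, icmp_filtered=filtered))
```

With ICMP allowed the sender needs exactly one dropped packet to learn the 1400-byte limit; with ICMP filtered it retransmits the same 1500-byte packet until it gives up, which is what the user experiences as an intermittently failing transfer while small packets keep working.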
CCNA Exam Relevance
On the CCNA 200-301 exam, this scenario tests understanding of MTU, fragmentation, and the DF bit. Questions may present a troubleshooting scenario where large pings fail but small pings succeed, and ask to identify the root cause (MTU mismatch) or the fix (adjust MTU or TCP MSS). The exam also tests knowledge of ICMP unreachable messages and their role in Path MTU Discovery.
Exam Tips
Remember that the DF bit prevents fragmentation; if a packet is too large, the router drops it and sends an ICMP 'fragmentation needed' message.
If ICMP is blocked, Path MTU Discovery fails, leading to black hole routing. Always check ACLs for ICMP filtering.
The command 'ip tcp adjust-mss' is commonly used on routers to clamp the TCP MSS (MTU minus 40 bytes, so 1360 for a 1400-byte link) and avoid fragmentation without changing the MTU; it only affects TCP, so UDP and tunnelled traffic still depend on working Path MTU Discovery.
Commands Used in This Scenario
ping [ip]
The ping command sends ICMP echo requests to a destination IP address to test network connectivity and measure round-trip time.
show interfaces
Displays detailed status and statistics for all interfaces or a specific interface, used to verify interface operational state, errors, and performance.