Setup Guide
without fragmentation. If the ICMP message from the receiving device, which is sent to the originating device, contains the next-hop MTU,
then the sending device lowers the packet size accordingly and resends the packet. Otherwise, the iterative method is followed until the
packet can traverse without being fragmented.
To use the PMTD in the physical interface, you must allocate and activate the fedgov CAM ACL space using the cam-acl command. The
fedgov CAM ACL space is dened as a value (0-8) and you can select the required value to dene the space. When the space is activated,
you can send the ICMP type 3 messages through the physical port.
To use the PMTD functionality, you must enter the ip unreachables command on a VLAN interface to enable the generation of ICMP
unreachable messages in the intermediate nodes. The PMTD functionality is based on the ICMPv4 destination unreachable message, which
is generated by the intermediate device only when the
ip unreachables command is congured. PMTD is supported on all the layer 3
VLAN interfaces. Since all of the Layer 3 interfaces are mapped to the VLAN ID of 4095, you cannot congure unique layer 3 MTU values
for each of the layer 3 interfaces. If a VLAN interface contains both IPv4 and IPv6 addresses congured in the system, both the IPv4 and
IPv6 trac are applied to the same MTU size; you cannot specify dierent MTU values for IPv4 and IPv6 packets.
Packet handling during MTU mismatch
When you congure the MTU size on an interface, ensure that the MTU size of both ingress and egress interfaces are set to the same
value for IPv4 trac to work correctly. If there is an MTU mismatch between the ingress and egress interface, there may be a high CPU
usage. If egress interface MTU size is smaller than the ingress interface, packets may get fragmented.
Using the Congured Source IP Address in ICMP
Messages
ICMP error or unreachable messages are now sent with the congured IP address of the source interface instead of the front-end port IP
address as the source IP address. Enable the generation of ICMP unreachable messages through the ip unreachable command in
Interface mode. When a ping or traceroute packet from an endpoint or a device arrives at the null 0 interface congured with a static route,
it is discarded. In such cases, you can congure Internet Control Message Protocol (ICMP) unreachable messages to be sent to the
transmitting device.
Conguring the ICMP Source Interface
You can enable the ICMP error and unreachable messages to contain the congured IP address of the source device instead of the
previous hop's IP address. This conguration helps identify the devices along the path because the DNS server maps the loopback IP
address to the host name, and does not translate the IP address of every interface of the switch to the host name.
Congure the source to send the congured source interface IP address instead of using its front-end IP address in the ICMP unreachable
messages and in the traceroute command output. Use the ip icmp source-interface interface or the ipv6 icmp
source-interface interface commands in Conguration mode to enable the ICMP error messages to be sent with the source
interface IP address. This functionality is supported on loopback, VLAN, port channel, and physical interfaces for IPv4 and IPv6 messages.
feature is not supported on tunnel interfaces. ICMP error relay, PATH MTU transmission, and fragmented packets are not supported for
tunnel interfaces. The traceroute utilities for IPv4 and IPv6 list the IP addresses of the devices in the hops of the path for which ICMP
source interface is congured.
480
IPv4 Routing