Manualshelf

Technical information

ManualsBrandsCisco ManualsComputer equipmentWS-SVC-IPSEC-1= - IPSec VPN Services Module
21222324252627282930
30
IPSec VPN Acceleration Services Module Installation and Configuration Note
78-14459-03 Rev C0
Configuring a VPN Using the VPN Module
If you insert a VPN module in a chassis that is in compact mode and the VPN module uses one of
the automatically configured SPAN sessions without any problems, the system allows you to remove
the VPN module and then manually configure both SPAN sessions. However, if you reinsert the
VPN module, it is put in compact mode. In this situation, all multicast traffic that is sourced from
the VPN module is dropped. A syslog message is displayed directing you to remove one SPAN
session.
When you remove the last service module with the multicast issue from a chassis, the automatically
configured SPAN session is cleared and made available for other use. The automatically configured
SPAN session is also cleared when the last installed service module changes state from compact to
flow-through mode.
If you do not want to use the automatically configured SPAN session, you can clear the session using
the no monitor session session_no command.
If you have cleared the automatically configured SPAN session and then want to reconfigure it
without OIRing the VPN module, use the monitor session 1 service-module command.
Configuring MTU Settings
Note This section applies to VPN modules running Cisco IOS Release 12.2(14)SY or later releases.
There are two MTU settings on the switch:
Global—The global MTU setting is used for dropping received packets whose length is greater than
the specified MTU value. The global MTU value applies to all chassis ports. You use the system
jumbomtu command in the global configuration mode to specify the global MTU.
Interface—The interface MTU setting is used for fragmenting packets. You use the mtu command
in the interface configuration mode to specify the interface MTU.
Configurable interface MTU values depend on the interface type as follows:
The Fast Ethernet interface MTU is 1500 bytes (fixed, not configurable)
The Gigabit Ethernet interface MTU is as follows:
On a switch port, 1500 bytes is the default (use the no mtu command) or 9216 bytes (use the
mtu 9216 command)
On a routed port, use any value from 1500 bytes to 9216 bytes (use the mtu 1500-9216
command)
On a Gigabit Ethernet interface, each Gigabit Ethernet interface can have a different interface
MTU value.
The MTU for WAN interfaces is a variety of values depending on the encapsulation used.
The MTU for the VPN module interfaces is 4500 bytes (fixed, not configurable)
The switch makes forwarding decisions that are based on the MTU settings as follows:
The interface MTU setting is 1500 bytes. If the received packet length is greater than 1500 bytes,
the packets are dropped.