We've been seeing some MTU discovery issues on our wireless network for some time now. The key symptom is wireless clients whose local firewall drops fragmented packets can't reach certain sites (Google and its fellows, most notably).
That's the effect, not the cause. According to our IDS, the wireless routers are sending ICMP 3:4s [frags needed && DF set] to the remote sites which presumably eat or ignore them. What none of my sniffs can find are ICMP 3:4s sent to the wireless clients themselves. Nothing, not a one. As the tunnel between AC and AP obscures what may be the missing 3:4s, I can't say they're not being generated. What I can say for certain is they're not appearing on the wireless side of things.

There's a growing blame-the-firewall movement with obvious deleterious effects, so I'm eager to solve this problem. Anyone else seen this on their wireless LANs? We're Chantry, but I presume any vendor that uses some tunnel between the access points and access controllers is at risk for the same behavior (Cisco/GRE, Aruba/IPSec, etc).

Any ideas?

Wyman Miles
Senior Security Engineer
Cornell University, Ithaca, NY
(607) 255-8421

**********
Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
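An added example, not part of the original message: Python code that parses raw IPv4 packets for ICMP type 3 code 4 and counts whether each one was sent toward the wireless clients or toward remote sites, the distinction the message turns on. The subnet, addresses, MTU value and sample packets are constructed, and the helper names are hypothetical.

```python
import ipaddress
import struct
from collections import Counter

# Assumption: wireless client subnet; all addresses are documentation ranges.
WIRELESS_NET = ipaddress.ip_network("192.0.2.0/24")
SERVER, CLIENT, ROUTER = "198.51.100.10", "192.0.2.50", "203.0.113.1"

def ipv4(src, dst, proto, payload, df=False):
    """Build a minimal IPv4 packet for the samples (checksum left at zero)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0,
                      0x4000 if df else 0, 64, proto, 0,
                      ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed)
    return hdr + payload

def frag_needed(router, notified, mtu, original):
    """Build ICMP 3:4 quoting the original IP header plus 8 payload bytes."""
    icmp = struct.pack("!BBHHH", 3, 4, 0, 0, mtu) + original[:28]
    return ipv4(router, notified, 1, icmp)

def parse_frag_needed(pkt):
    """Return details of an ICMP type 3 code 4 packet, else None."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or pkt[9] != 1 or len(pkt) < ihl + 8:  # protocol 1 = ICMP
        return None
    icmp_type, code, _, _, mtu = struct.unpack("!BBHHH", pkt[ihl:ihl + 8])
    if (icmp_type, code) != (3, 4):
        return None
    dst = ipaddress.ip_address(pkt[16:20])
    inner = pkt[ihl + 8:]  # quoted header of the packet that was too big
    return {
        "notified": str(dst),
        "next_hop_mtu": mtu,  # RFC 1191 field; 0 means the router left it unset
        "inner_len": struct.unpack("!H", inner[2:4])[0] if len(inner) >= 20 else None,
        "inner_df": bool(inner[6] & 0x40) if len(inner) >= 20 else None,
        "direction": "to-wireless-client" if dst in WIRELESS_NET else "to-remote-site",
    }

def summarize(packets):
    """Count 3:4 messages by which side of the wireless network received them."""
    return Counter(i["direction"] for i in map(parse_frag_needed, packets) if i)

# Constructed capture: one 3:4 sent to the server for a 1500-byte DF packet,
# an unrelated echo request, and the large packet itself. None go to the client.
BIG = ipv4(SERVER, CLIENT, 6, bytes(1480), df=True)
SAMPLE = [frag_needed(ROUTER, SERVER, 1400, BIG),
          ipv4(CLIENT, SERVER, 1, struct.pack("!BBHHH", 8, 0, 0, 1, 1)), BIG]
```

Calling `summarize(SAMPLE)` on the constructed capture reports one message toward the remote site and none toward the wireless client, the same pattern the message describes.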
