Avaya G430 Branch Gateway CLI Reference

crypto ipsec df-bit

Last Updated : Jul 02, 2019 |

Sets the Don’t-Fragment bit to clear or copy. Use no crypto ipsec df-bit to restore the Don’t-Fragment bit to the default value: copy.

clear — the DF bit of the encapsulated packet is never set, and PMTUD is not maintained for the IPSec tunnel. Packets traversing an IPSec tunnel are pre-fragmented according to the MTU of the SA, regardless of their DF bit. In case packets are fragmented, the DF bit is copied to every fragment of the original packet.
copy — the DF bit of the encapsulated packet is copied from the original packet, and Path MTU Discovery (PMTUD) is maintained for the IPSec tunnel.

[no] crypto ipsec df-bit {clear | copy}


Parameter	Description	Possible Values	Default Value
clear	Keyword indicating to clear the Don’t-Fragment bit
copy	Keyword indicating to copy the Don’t-Fragment bit

read-write

interface:FastEthernet (L2, L2-L3, PPP L2, PPP L2-L3), VLAN (L2, L2-L3), Dialer (L2, L2-L3)

To set the Don’t-Fragment bit to the state of clear:

Gxxx-001(if:fastEthernet )# crypto ipsec df-bit clear

Send Feedback