crypto ipsec df-bit

Last Updated: Jul 02, 2019

Sets the Don’t-Fragment bit to clear or copy. Use no crypto ipsec df-bit to restore the Don’t-Fragment bit to the default value: copy.

  • clear — the DF bit of the encapsulated packet is never set, and PMTUD is not maintained for the IPSec tunnel. Packets traversing an IPSec tunnel are pre-fragmented according to the MTU of the SA, regardless of their DF bit. In case packets are fragmented, the DF bit is copied to every fragment of the original packet.

  • copy — the DF bit of the encapsulated packet is copied from the original packet, and Path MTU Discovery (PMTUD) is maintained for the IPSec tunnel.

Syntax

[no] crypto ipsec df-bit {clear | copy}

Parameters

| Parameter | Description | Possible Values | Default Value |
|---|---|---|---|
| clear | Keyword indicating to clear the Don’t-Fragment bit | | |
| copy | Keyword indicating to copy the Don’t-Fragment bit | | |

User level

read-write

Context

interface: Serial (DS1 PPP L2, DS1 PPP L2-L3, DS1 FR-SUB L2, DS1 FR-SUB L2-L3, USP PPP L2, USP PPP L2-L3), FastEthernet (L2, L2-L3, PPP L2, PPP L2-L3), VLAN (L2, L2-L3), Dialer (L2, L2-L3)

Example

To set the Don’t-Fragment bit to the state of clear:

Gxxx-001(if:fastEthernet 10/3)# crypto ipsec df-bit clear
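
The following Python model is an added illustration of the clear and copy behaviour described above; it is not vendor code and does not run on the gateway. It assumes that the SA MTU is the largest original packet the tunnel accepts, that copy mode follows standard PMTUD (an oversize packet with DF set is dropped and the MTU is signalled back to the sender), and that the names `Packet`, `fragment` and `tunnel` are hypothetical.

```python
from dataclasses import dataclass

IP_HDR = 20  # IPv4 header without options, in bytes


@dataclass(frozen=True)
class Packet:
    length: int  # total IPv4 length in bytes
    df: bool     # Don't-Fragment bit of the original packet


def fragment(pkt, mtu):
    """Split pkt into IPv4 fragments that fit mtu; every fragment keeps pkt.df."""
    if mtu < IP_HDR + 8:
        raise ValueError("MTU too small to carry a fragment")
    if pkt.length <= mtu:
        return [pkt]
    chunk = (mtu - IP_HDR) // 8 * 8  # non-final fragment payloads are multiples of 8
    payload, frags = pkt.length - IP_HDR, []
    while payload > 0:
        size = min(chunk, payload)
        frags.append(Packet(IP_HDR + size, pkt.df))
        payload -= size
    return frags


def tunnel(pkt, mode, sa_mtu):
    """Return (packets, pmtu_signal).

    packets: one (inner_length, inner_df, outer_df) tuple per encapsulated packet.
    pmtu_signal: MTU reported back to the sender when the packet is dropped, else None.
    """
    if mode == "clear":
        # Outer DF is never set; pre-fragment regardless of the inner DF bit.
        return [(f.length, f.df, False) for f in fragment(pkt, sa_mtu)], None
    if mode == "copy":
        if pkt.df and pkt.length > sa_mtu:
            # Assumption: standard PMTUD, drop and signal "fragmentation needed".
            return [], sa_mtu
        # Assumption: an oversize packet with DF clear is fragmented as usual.
        return [(f.length, f.df, pkt.df) for f in fragment(pkt, sa_mtu)], None
    raise ValueError(f"unknown df-bit mode: {mode!r}")


if __name__ == "__main__":
    big = Packet(length=1500, df=True)  # constructed sample packet
    for mode in ("clear", "copy"):
        print(mode, tunnel(big, mode, sa_mtu=1400))
```

With clear, the 1500-byte DF packet is silently split and the sender never learns the tunnel MTU; with copy, the sender is told to reduce its packet size.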