1 2 Previous Next 19 Replies Latest reply: Mar 26, 2013 5:01 AM by Daniel Dib CCIE #37149 CCDE #20160011 RSS

    MTU with VLAN tag


      Hello again.



      There is simple network diagram. Interesting part for me is:


      MTU on all devices is equal to 1500 bytes.

      R1#ping size 1500 df-bit


      Type escape sequence to abort.

      Sending 5, 1500-byte ICMP Echos to, timeout is 2 seconds:

      Packet sent with the DF bit set


      Success rate is 100 percent (5/5), round-trip min/avg/max = 4/5/8 ms


      SW2# d=, len 1500, rcvd 2

      17w1d: IP: s= (Vlan10), d=, len 1500, stop process pak for forus packet

      17w1d: IP: tableid=0, s= (local), d= (Vlan10), routed via FIB

      17w1d: IP: s= (local), d= (Vlan10), len 1500, sending

      17w1d: IP: s= (local), d= (Vlan10), len 1500, sending full packet


      The question is , where is 4 byte VLAN tag? Is this included in the packet when we use "size 1500 " command ?

        • 1. Re: MTU with VLAN tag
          Mohamed Sobair



          The Layer-2 MTU of 1500 byte includes the Frame and the Ethernet header plus the TAG.


          Actually the Total Layer-2 MTU including the Ethernet Header and CRC trailer should be set to 1522, but because the 1500 Byte calculate/include it , the MTU size is 1500. So the Conclusion is the 1500 MTU Size includes the Header and the Vlan TAG.


          However, when Dot1q Tunneling is in use, we should add another 4 byte to the original calculation to accomodate the inner vlan tag length , So the MTU should be Set to 1504.





          • 2. Re: MTU with VLAN tag

            "However, when Dot1q Tunneling is in use, we should add another 4 byte to the original calculation to accomodate the inner vlan tag length , So the MTU should be Set to 1504."


            But MTU is 1500, how this is possible? R1 doesn't know, that he is in VLAN 10. When the packet comes to the SW1 , SW1 adds 4 byte VLAN tag, and sents over the trunk. SW2 should receive a packet with 1504 bytes?

            • 3. Re: MTU with VLAN tag
              Mohamed Sobair

              The MTU of 1500 will work fine. because it the header and the vlan tag is calculated.


              I am saying if you have (Dot1q VLAN Tunneling) , we should add another 4 byte to the MTU to become 1504.


              The Dot1q Tunneling is mostly found in some Service Providers, they use this approach to TUNNEL Customer VLANS natively from one End to the other End.


              Your example doesnt use TUNNELING, So an MTU of 1500 should be fine with you.






              • 4. Re: MTU with VLAN tag

                Guys-  MTU is the payload that is being encapsulated in a L2 frame i.e. it is the L3 packet.  MTU for 802.3 ethernet (the Data block in attached image) ranges from 46-1500B.


                After adding an ethernet header and CRC, an 802.3 packet is 1518B.  The 18B are:

                6B Dest MAC

                6B Source MAC

                2B Len/Type

                4B CRC


                If you are tagging with 802.1Q then another 4B are added  to the L2 header (after the SrcMAC address) for a total L2 frame size of 1522B.  figure-13-ieee-8021q-vlan1.png

                So, to address the original question - the size 1500 command specifies the size of the L3 packet encapsulated by the L2 protocol.  The 4B 802.1Q tag is an addition to the L2 header and wouldn't change the MTU size.

                • 5. Re: MTU with VLAN tag

                  Thank you. How to mark your answer as correct?

                  • 6. Re: MTU with VLAN tag
                    Elvin Arias

                    You should take a look to the 802.3ac what the IEEE basically did was "enhance" Ethernet to let it handled bigger frames (because of the 802.1Q and 802.1p), it doesn't need to be fragmented at all. Basically an Ethernet frame can have a 1522 bytes in size, and that would be normal.



                    • 7. Re: MTU with VLAN tag
                      Cristian F. Stoica

                      There is a confusion here, the MTU refers to the size of the frame not the size of the L3 payload. 802.1q encapsulation can carry both IP and IPX frames over a trunk link.

                      That being said, the default maximum transmission unit is 1500 and with the VLAN tag it increases with additional 4 bytes. Therefore, the recommended minimum MTU is 1504.


                      • 8. Re: MTU with VLAN tag

                        Cristian-  I've googled this extensively but am still not sure I agree.  Your link talks about MTU but I don't believe it explicitly states MTU = frame size.


                        This link shows it visually (although could be confusing because the FCS is not shown.  http://packetlife.net/blog/2008/nov/5/mtu-manipulation/


                        The first paragraph states "The Maximum Transmission Unit (MTU) is the maximum length of data that can be transmitted by a protocol in one instance. For example, the MTU of Ethernet (by default 1500) is the largest number of bytes that can be carried by an Ethernet frame (excluding the header and trailer)."


                        My understanding is that when talking Ethernet - the term MTU specifies the maximum payload for a L2 protocol, while Frame Size specifies L2 Info + MTU.  Can you explain your thoughts further?

                        • 9. Re: MTU with VLAN tag
                          Cristian F. Stoica

                          Yes, that is correct. The Ethernet MTU refers to the amount of data an Ethernet frame can carry but I assume that VLAN tag is considered to be data too, otherwise why would Cisco recommended changing the MTU for Dot1q trunk links to 1504? The ethernet standard 802.3 header does not include the VLAN tag in its specifications. Although 802.1Q is a standards protocol I wasn't able to find the RFC for it so I'm basing my rationale only on the link given above from the Cisco website and my understanding of the frame structure. Please let me know if you find any other literature that contradicts this.

                          • 10. Re: MTU with VLAN tag
                            Cristian F. Stoica

                            I see the ambiguity that my statement could produce. When I was saying L3 Payload I was refering to the amount of data contained in an IP packet, not the whole IP packet. Thanks for clarifying this, the link you've cited explains this very well.

                            • 11. Re: MTU with VLAN tag

                              The original question should have asked whether we were referring to 802.3 , 803.3ac or 802.3z

                              As the spec used specifics the mtu size?.

                              • 12. Re: MTU with VLAN tag

                                hi efx,


                                right in the beginning, when the switch creates the icmp message(packet and frame), the switch is not yet aware that it might has to send the frame via a trunk connection.

                                it could also be that you ping a host on the local switch and thus the original frame doesnt have a vlan tag. the 1500 bytes are plain data and are added to the 18byte of the frame header.


                                only when the switch has to send the frame via a trunk link, then the switch adds the 4byte vlan tag and the result will be a 1522byte long frame.


                                you could also imagen a broadcast scenario in which you send a broadcast into a vlan.

                                all the ports in the vlan get the frame, obviously without a vlan tag, cause its just not necessary, and only the trunk link would add a vlan tag to the frame.


                                that are my 2 cents

                                • 13. Re: MTU with VLAN tag
                                  David Greuez

                                  It's never too late to give an answer... (I'm studying for CCNA)


                                  Condensed facts about MTU, Payload, Frame size... :


                                  • MTU = Packet size = Payload
                                  • Ethernet frame size = Ethernet headers + MTU (default 1500) + CRC
                                  • Vlan Trunking adds an extra 4-Byte tag in header (between source MAC and Lenght/Type fields)


                                  Technote used as reference: Here


                                  Standard Ethernet frame MTU is 1500 bytes. This does not include the Ethernet header and Cyclic Redundancy Check (CRC) trailer, which is 18 bytes in length, to make the total Ethernet frame size of 1518. In this document, MTU size or packet size refers only to Ethernet payload. Ethernet frame size refers to the whole Ethernet frame, including the header and the trailer. Baby giant frames refer to Ethernet frame size up to 1600 bytes, and jumbo frame refers to Ethernet frame size up to 9216 bytes.

                                  • 14. Re: MTU with VLAN tag
                                    David Greuez

                                    And in the same document, the calculations and commands:


                                    1 2 Previous Next