Setting A Range For The Maximum Segment Size - Cisco 4700M Configuration Manual

Configuring a Connection Parameter Map for TCP/IP Normalization and Termination

Setting a Range for the Maximum Segment Size

Caution
Cisco 4700 Series Application Control Engine Appliance Security Configuration Guide
4-10
Chapter 4
The maximum segment size (MSS) is the largest amount of TCP data that the ACE
accepts in one segment. To prevent the transmission of many smaller segments
that waste bandwidth or very large segments that may require fragmentation, you
can set the minimum and maximum acceptable sizes of the MSS. To set the MSS,
use the set tcp mss command in parameter map connection configuration mode.
The syntax of this command is as follows:
set tcp mss min number1 max number2
The keywords and arguments are as follows:
min number1—Specifies the smallest segment size that the ACE will accept.
•
Enter an integer from 0 to 65535 bytes. The default is 0 bytes. The min
number value must be less than or equal to the max number value. A value of
0 instructs the ACE to not perform a minimum MSS check on the incoming
segment.
max number2—Specifies the largest segment size that the ACE will accept.
•
Enter an integer from 0 to 65535 bytes. The default is 1460 bytes. The max
number value must be greater than or equal to the min number value. A value
of 0 instructs the ACE to not perform a maximum MSS check on the incoming
segment.
If you configure a Layer 7 policy map and set the maximum transmit unit (MTU)
of the ACE server-side VLAN lower than the client maximum segment size
(MSS), ensure that the maximum value of the MSS that you set for the ACE using
the set tcp mss max command is at least 40 bytes (the size of the TCP header plus
options) less than the MTU of the ACE server-side VLAN. Otherwise, the ACE
may discard incoming packets from the server.
Configuring TCP/IP Normalization and IP Reassembly Parameters
OL-16202-01