Palo Alto Networks Knowledgebase: Identify configured Interface MTU

Created On 02/08/19 00:06 AM - Last Updated 02/08/19 00:06 AM
Mobile Network Infrastructure
Symptom

How can the interface MTU be identified via the CLI? Why don't we see it for all interfaces?



Resolution

The interface MTU size can be identified from the CLI with the following command:

> show interface <interface-name>

 

Example:

admin@myNGFW> show interface ethernet1/1

--------------------------------------------------------------------------------
Name: ethernet1/1, ID: 16
Link status:
  Runtime link speed/duplex/state: 1000/full/up
  Configured link speed/duplex/state: auto/auto/auto            
MAC address:
  Port MAC address 00:1b:17:00:01:10
Operation mode: layer3
Untagged sub-interface support: no
--------------------------------------------------------------------------------
Name: ethernet1/1, ID: 16
Operation mode: layer3
Virtual router vr_internet
Interface MTU 1500
Interface IP address: 198.51.100.241/24
Interface management profile: all
  ping: yes  telnet: yes  ssh: yes  http: yes  https: yes  
  snmp: yes  response-pages: yes  userid-service: no
Service configured: DHCP SSL-VPN
Zone: v1-untrust, virtual system: vsys1
Adjust TCP MSS: n

 

 

The command 'show interface <interface-name>' will not populate the MTU information unless the interface belongs to a Virtual Router.

Some caveats exist:

 

1. Aggregate Ethernet Layer 3 interfaces will not show this information, because they are not individually added to the VR but instead rely on the Aggregate Group configuration.

admin@myNGFW> show interface ethernet1/20

--------------------------------------------------------------------------------
Name: ethernet1/20, ID: 35
Link status:
  Runtime link speed/duplex/state: unknown/unknown/down
  Configured link speed/duplex/state: auto/auto/auto            
MAC address:
  Port MAC address 00:1b:17:00:01:23
Aggregate group : ae1
Operation mode: layer3

 

2. Dedicated-HA interfaces also will not show this information.

admin@myNGFW> show interface dedicated-ha1

--------------------------------------------------------------------------------
Name: dedicated-ha1, ID: 5
Link status:
  Runtime link speed/duplex/state: unknown/unknown/down
  Configured link speed/duplex/state: auto/auto/auto            
MAC address:
  Port MAC address 00:1b:17:ff:cf:c5
Operation mode: ha
Untagged sub-interface support: no
--------------------------------------------------------------------------------
Name: dedicated-ha1, ID: 5
Operation mode: ha
Interface IP address: 3.3.3.1/30
Interface management profile: N/A
Service configured:
Zone: N/A, virtual system: N/A
Adjust TCP MSS: no

 

3. The root Aggregate Group interface is typically not added to a virtual router as tagged sub-interfaces are used to configure IP subnets instead:

admin@myNGFW> show interface ae1

--------------------------------------------------------------------------------
Name: ae1, ID: 48
Link status:
  Runtime link speed/duplex/state: unknown/unknown/down
  Configured link speed/duplex/state: auto/auto/auto            
MAC address:
  Port MAC address 00:1b:17:00:01:30
Aggregate group members: 2
  ethernet1/19 ethernet1/20
Operation mode: layer3
Untagged sub-interface support: no
--------------------------------------------------------------------------------
Name: ae1, ID: 48
Operation mode: layer3
Interface management profile: N/A
Service configured:
Zone: N/A, virtual system: vsys2
Adjust TCP MSS: no

The sub-interface, however, will show MTU information because it is added to the VR:

admin@myNGFW> show interface ae1.2

--------------------------------------------------------------------------------
Name: ae1.2, ID: 276, 802.1q tag: 2
Operation mode: layer3
Virtual router tst
Interface MTU 9192
Interface IP address: 198.51.100.77/24
Interface management profile: N/A
Service configured:
Zone: ag-trust, virtual system: vsys2
Adjust TCP MSS: no

 

 

To identify the interface MTU for all the dataplane interfaces, regardless of their VR membership, you can use the following command:

 

> show system state filter-pretty sw.dev.interface.config

admin@myNGFW> show system state filter-pretty sw.dev.interface.config

sw.dev.interface.config: {
  TCI: {
    hwaddr: 00:1b:17:00:01:0c,
    mtu: 9192,
  },
  ae1: { },
  ae1.2: { },
  ethernet1/1: {
    hwaddr: 00:1b:17:00:01:10,
    mtu: 9192,
  },
  ethernet1/1.20: { },
  ethernet1/10: {
    hwaddr: 00:1b:17:00:01:19,
    mtu: 9192,
  },
  ethernet1/11: {
    hwaddr: 00:1b:17:00:01:1a,
    mtu: 9192,
  },
  ethernet1/12: {
    hwaddr: 00:1b:17:00:01:1b,
    mtu: 9192,
  },
  ethernet1/13: {
    hwaddr: 00:1b:17:00:01:1c,
    mtu: 9192,
  },
  ethernet1/14: {
    hwaddr: 00:1b:17:00:01:1d,
    mtu: 9192,
  },
  ethernet1/15: {
    hwaddr: 00:1b:17:00:01:1e,
    mtu: 9192,
  },
  ethernet1/16: {
    hwaddr: 00:1b:17:00:01:1f,
    mtu: 9192,
  },
  ethernet1/17: {
    hwaddr: 00:1b:17:00:01:20,
    mtu: 9192,
  },
  ethernet1/18: {
    hwaddr: 00:1b:17:a0:db:21,
    mtu: 9192,
  },
  ethernet1/19: {
    hwaddr: 00:1b:17:00:01:22,
    mtu: 1500,
  },
  ethernet1/2: {
    hwaddr: 00:1b:17:00:01:11,
    mtu: 9192,
  },
  ethernet1/20: {
    hwaddr: 00:1b:17:00:01:23,
    mtu: 1500,
  },
  ethernet1/3: {
    hwaddr: 00:1b:17:00:01:12,
    mtu: 9192,
  },
  ethernet1/4: {
    hwaddr: 00:1b:17:00:01:13,
    mtu: 9192,
  },
  ethernet1/5: {
    hwaddr: 00:1b:17:00:01:14,
    mtu: 9192,
  },
  ethernet1/6: {
    hwaddr: 00:1b:17:00:01:15,
    mtu: 9192,
  },
  ethernet1/7: {
    hwaddr: 00:1b:17:00:01:16,
    mtu: 9192,
  },
  ethernet1/8: {
    hwaddr: 00:1b:17:00:01:17,
    mtu: 9192,
  },
  ethernet1/9: {
    hwaddr: 00:1b:17:00:01:18,
    mtu: 9192,
  },
  ha1: { },
  ha2: { },
  loopback: { },
  loopback.20: { },
  loopback.5: { },
  tunnel: { },
  tunnel.1: { },
  tunnel.2: { },
  tunnel.230: { },
  tunnel.5: { },
  vlan: { },
  vlan.100: { },
}

 

Note: MTU information for dedicated HA interfaces is obtained through a different command.

HA1 information can be obtained through:

> show system state filter-pretty ha.net.s0.dedicated-ha1.cfg

admin@myNGFW> show system state filter-pretty ha.net.s0.dedicated-ha1.cfg
ha.net.s0.dedicated-ha1.cfg: {
  broadcast: 3.3.3.3,
  disable-dhcp: True,
  encrypt: {
    enable: False,
  },
  fips-gated: True,
  hwaddr: 00:1b:17:ff:cf:c5,
  ifindex: 3,
  ipaddr: 3.3.3.1,
  mtu: 1500,
  netmask: 255.255.255.252,
  onboot: True,
  routes: { },
  up: True,
  v6routes: { },
  vif: False,
}

 

HA2 interfaces operate a little differently and use MRU instead:

> show system state filter-pretty ha.net.s0.dedicated-ha2.hwcfg

 

admin@myNGFW> show system state filter-pretty ha.net.s0.dedicated-ha2.hwcfg

ha.net.s0.dedicated-ha2.hwcfg: {
  farloop: False,
  link: Down,
  mode: Autoneg,
  mru: 10048,
  nearloop: False,
  pause-frames: True,
  setting: 1Gb/s-full,
  type: HA,
}
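
The three `filter-pretty` outputs above (dataplane interfaces, HA1 and HA2) share one brace-delimited layout, so a single pass can collect every reported MTU or MRU for comparison. The Python below is an added example, not part of the original article or any Palo Alto Networks tooling; the function names are hypothetical, the sample is constructed by abbreviating the outputs shown above, and the parser goes slightly beyond the flat interface list by also handling nested blocks such as `encrypt`.

```python
# Constructed sample, abbreviated from the three outputs shown in this article.
SAMPLE = """\
admin@myNGFW> show system state filter-pretty sw.dev.interface.config
sw.dev.interface.config: {
  ae1: { },
  ethernet1/1: {
    hwaddr: 00:1b:17:00:01:10,
    mtu: 9192,
  },
  ethernet1/19: {
    mtu: 1500,
  },
}
ha.net.s0.dedicated-ha1.cfg: {
  encrypt: {
    enable: False,
  },
  mtu: 1500,
}
ha.net.s0.dedicated-ha2.hwcfg: {
  mru: 10048,
}
"""

def parse_filter_pretty(text):
    """Parse filter-pretty output into nested dicts; leaf values stay strings."""
    stack = [{}]
    for raw in text.splitlines():
        line = raw.strip().rstrip(",")
        key, _, value = line.partition(": ")   # MAC colons have no trailing space
        if line == "}":
            stack.pop()                          # block closes
        elif value == "{":
            stack[-1][key] = {}                  # block opens on this line
            stack.append(stack[-1][key])
        elif value:  # leaf or "{ }"; blank lines and echoed prompts have no "key: value"
            stack[-1][key] = {} if value.replace(" ", "") == "{}" else value
    if len(stack) != 1:
        raise ValueError("unbalanced braces in input")
    return stack[0]

def frame_sizes(tree):
    """Map each interface or HA node that reports mtu/mru to (field, size)."""
    sizes = {}
    for node, body in tree.items():
        blocks = body if node == "sw.dev.interface.config" else {node: body}
        for name, cfg in blocks.items():
            sizes.update({name: (f, int(cfg[f])) for f in ("mtu", "mru") if f in cfg})
    return sizes
```

Running `frame_sizes(parse_filter_pretty(SAMPLE))` puts the 1500-byte `ethernet1/19` next to the 9192-byte `ethernet1/1`, while interfaces that print as `{ }` (such as `ae1`) are left out because they report no value.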

 

 


