This article lists the ScreenOS platforms that support jumbo frames, and describes what happens when you enable jumbo frame support.
Jumbo frame support is available in ScreenOS 6.0.0 and later. Jumbo frames are supported on the ISG-1000 and ISG-2000 devices without IDP. Jumbo frames are also supported on the NS-5000 series running MGT2 and SPM2 cards and the NS-5000 series running MGT3 and SPM3 cards.
Limitation: DI and IDP are not supported in jumbo frame mode.
Enabling Jumbo Frame Mode: To enable jumbo frame mode, use the following command:
set envar max-frame-size=<size>
Set size to any value between 1514 through 9830, inclusive. For example, set size to 7500, as in this example: set envar max-frame-size=7500. Note that there are no spaces before or after the equal sign (=).
Important: When you enable jumbo frames and restart the security device, only interfaces on the 4-port SFP IO card and the management Ethernet interface become active. This scenario is shown in the example below.
Showing Max Frame Size Setting: To show the max-frame-size setting, use the following command:
get envar
Disabling Jumbo Frame Mode: To disable jumbo frames support and return the device to the normal maximum frame size (1514 bytes), use the following command:
unset envar max-frame-size
Example
Important: Use caution when enabling jumbo frame support on a production setup:
-
After enabling jumbo frame support and rebooting, the interfaces that do not support jumbo frame will not be available for any configuration. However, the old configuration will be available in the flash.
Before setting the envar
nsisg1000-> get envar
default_image=screenos_image
run_image=default (screenos_image)
loader_version=1.0.3
last_reset=2013-12-19 01:06:43 by netscreen
sme=
patch=init
.hash-seg=7 (1327135036)
nsisg1000->
nsisg1000-> get int
A - Active, I - Inactive, U - Up, D - Down, R - Ready
Interfaces in vsys Root:
Name IP Address Zone MAC VLAN State VSD Vsys
mgt 10.204.8.37/24 MGT 0010.dbb8.a6c0 - U - Root
eth1/1 1.1.1.1/24 Trust 0010.dbb8.a6c7 - D - Root <<<<<<<< eth1/1 is configured with IP
eth1/2 0.0.0.0/0 Null 0010.dbb8.a6c8 - D - Root
eth1/3 0.0.0.0/0 Null 0010.dbb8.a6c9 - D - Root
eth1/4 0.0.0.0/0 Null 0010.dbb8.a6ca - D - Root
eth2/1 0.0.0.0/0 Null 0010.dbb8.a6d5 - D - Root
eth2/2 0.0.0.0/0 Null 0010.dbb8.a6d6 - D - Root
eth2/3 0.0.0.0/0 Null 0010.dbb8.a6d7 - U - Root
eth2/4 0.0.0.0/0 Null 0010.dbb8.a6d8 - U - Root
eth2/5 0.0.0.0/0 Null 0010.dbb8.a6d9 - U - Root
eth2/6 0.0.0.0/0 Null 0010.dbb8.a6da - D - Root
eth2/7 0.0.0.0/0 Null 0010.dbb8.a6db - D - Root
eth2/8 0.0.0.0/0 Null 0010.dbb8.a6dc - D - Root
eth3/1 0.0.0.0/0 Null 0010.dbb8.a6dd - D - Root
eth3/2 0.0.0.0/0 Null 0010.dbb8.a6de - D - Root
loopback.1 21.21.21.1/24 Untrust N/A - U - Root
loopback.4 31.31.31.1/24 Trust N/A - U - Root
vlan1 0.0.0.0/0 VLAN 0010.dbb8.a6cf 1 D - Root
null 0.0.0.0/0 Null N/A - U - Root
nsisg1000-> set envar max-frame-size=9000
The system must be reboot for new setting to take effect!
nsisg1000->
nsisg1000-> reset
System reset, are you sure? y/[n] y
In reset ...
While rebooting
Unsupported command - set interface "ethernet1/1" zone "Trust"
.....
Unsupported command - set interface ethernet1/1 ip 1.1.1.1/24
.
Unsupported command - set interface ethernet1/1 nat
.......
Unsupported command - set interface ethernet1/1 ip manageable
After rebooting
nsisg1000-> get envar
default_image=screenos_image
run_image=default (screenos_image)
loader_version=1.0.3
last_reset=2013-12-19 22:28:50 by netscreen
sme=
patch=init
.hash-seg=7 (1327135036)
max-frame-size=9000 <<<<<< Jumbo frame enabled
nsisg1000->
Interface eth1/1 and its IP is not seen below:
nsisg1000-> get int
A - Active, I - Inactive, U - Up, D - Down, R - Ready
Interfaces in vsys Root:
Name IP Address Zone MAC VLAN State VSD Vsys
mgt 10.204.8.37/24 MGT 0010.dbb8.a6c0 - U - Root
loopback.1 21.21.21.1/24 Untrust N/A - U - Root
loopback.4 31.31.31.1/24 Trust N/A - U - Root
vlan1 0.0.0.0/0 VLAN 0010.dbb8.a6cf 1 D - Root
null 0.0.0.0/0 Null N/A - U - Root
nsisg1000->
nsisg1000->
nsisg1000-> save <<<< Save will save the configuration in memory; that is, without eth1/1
Save System Configuration ...
Done
nsisg1000->
nsisg1000->
nsisg1000-> unset envar max-frame-size=9000
The system must be reboot for new setting to take effect!
nsisg1000->
nsisg1000->
nsisg1000-> reset
System reset, are you sure? y/[n] y
In reset ...
After removing Jumbo frame and rebooting
nsisg1000-> get envar
default_image=screenos_image
run_image=default (screenos_image)
loader_version=1.0.3
last_reset=2013-12-19 22:33:20 by netscreen
sme=
patch=init
.hash-seg=7 (1079658583)
nsisg1000->
nsisg1000->
nsisg1000-> get int
A - Active, I - Inactive, U - Up, D - Down, R - Ready
Interfaces in vsys Root:
Name IP Address Zone MAC VLAN State VSD Vsys
mgt 10.204.8.37/24 MGT 0010.dbb8.a6c0 - U - Root
eth1/1 0.0.0.0/0 Null 0010.dbb8.a6c7 - D - Root <<< eth1/1 lost the earlier configuration
eth1/2 0.0.0.0/0 Null 0010.dbb8.a6c8 - D - Root
eth1/3 0.0.0.0/0 Null 0010.dbb8.a6c9 - D - Root
eth1/4 0.0.0.0/0 Null 0010.dbb8.a6ca - D - Root
eth2/1 0.0.0.0/0 Null 0010.dbb8.a6d5 - D - Root
eth2/2 0.0.0.0/0 Null 0010.dbb8.a6d6 - D - Root
eth2/3 0.0.0.0/0 Null 0010.dbb8.a6d7 - U - Root
eth2/4 0.0.0.0/0 Null 0010.dbb8.a6d8 - U - Root
eth2/5 0.0.0.0/0 Null 0010.dbb8.a6d9 - U - Root
eth2/6 0.0.0.0/0 Null 0010.dbb8.a6da - D - Root
eth2/7 0.0.0.0/0 Null 0010.dbb8.a6db - D - Root
eth2/8 0.0.0.0/0 Null 0010.dbb8.a6dc - D - Root
eth3/1 0.0.0.0/0 Null 0010.dbb8.a6dd - D - Root
eth3/2 0.0.0.0/0 Null 0010.dbb8.a6de - D - Root
loopback.1 21.21.21.1/24 Untrust N/A - U - Root
loopback.4 31.31.31.1/24 Trust N/A - U - Root
vlan1 0.0.0.0/0 VLAN 0010.dbb8.a6cf 1 D - Root
null 0.0.0.0/0 Null N/A - U - Root
nsisg1000->
nsisg1000->
2020-12-21: Article reviewed for accuracy, article correct and complete