Showing results for 
Search instead for 
Did you mean: 

vSZ upgrade to 5.2 with AP's over tunnels

New Contributor II


I want to upgrade our 5.1.2 2xvSZ+2xvDP to 5.2.1 latest.

But I found from SZ-5.2.1-UpgradeGuide-RevA-20200731.pdf on page 23 this note:

"For remote APs connected over a VPN, the tunnel MTU must be reduced to 1400 (acceptable range is: 850 through 1500) to allow the configuration after upgrade. If there are many WLANs defined the MTU should be reduced further."

I checked quickly that our IPSEC tunnels for remote locations have MTU 1422 in the central VPN device and that this can't be changed with the current software version. There are reasons why the upgrade of the VPN-device wouldn't be a good idea at the moment. It has the latest software in its line so it isn't any ancient device though. Also, I didn't see such a note in the upgrade guide for 5.1.2 so this is a new note not just a general suggestion.


Hi Kem,

No, this is not a change with any specific version.

If default MTU is not supported by intermittent network nodes in the path of AP-Controller, you have to reduce the MTU size.

Syamantak Omer | Community moderator | Sr.Staff TSE | CWNA | CCNA | RASZA | RICXI

New Contributor II

OK, thank you very much, it is good to know. I was most worried about a possible change by controller part that the former setup wouldn't work anymore after upgrade while all the rest of the infrastructure is the same.