TCP Maximum Segment Size (MSS) is the maximum allowable TCP payload size, as shown in the diagram below.
You can find a nice article on this & MTU in the blog post below from Packetlife.net (the above diagram is from that blog page).
MTU Manipulation
If the client’s maximum segment size (MSS) in a TCP 3-way handshake is greater than what the maximum transmission unit can handle, the client might experience reduced throughput and fragmentation of packets. To avoid this problem, you can specify the MSS for all APs that are joined to the WLC or for a specific AP.
When you enable this feature, the AP checks TCP packets to and from wireless clients in its data path. If the MSS of these packets is greater than the value that you configured or greater than the default value for the CAPWAP tunnel, the AP changes the MSS to the newly configured value.
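The rewrite described above, sketched as an added example (not code from the original post and not Cisco's implementation): it walks the TCP options of a SYN segment, where the MSS option is carried, lowers an MSS above the configured limit, and patches the TCP checksum incrementally as in RFC 1624. The names `clamp_mss`, `fold` and `build_syn` are hypothetical, and the sample segments are constructed.

```python
import struct

MSS_MIN, MSS_MAX = 536, 1363      # allowable range given on this page
SYN, OPT_EOL, OPT_NOP, OPT_MSS = 0x02, 0, 1, 2

def fold(s: int) -> int:
    """Fold carries of a ones' complement sum into 16 bits."""
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return s

def clamp_mss(tcp: bytes, limit: int = MSS_MAX):
    """Return (segment, mss_seen); the segment is rewritten only if mss_seen > limit."""
    if not MSS_MIN <= limit <= MSS_MAX:
        raise ValueError("limit outside 536-1363")
    hdr_len = (tcp[12] >> 4) * 4 if len(tcp) >= 20 else 0
    if not 20 <= hdr_len <= len(tcp) or not tcp[13] & SYN:
        return tcp, None                  # malformed, or not a SYN (MSS is SYN-only)
    i = 20
    while i < hdr_len and tcp[i] != OPT_EOL:
        if tcp[i] == OPT_NOP:
            i += 1
            continue
        size = tcp[i + 1] if i + 1 < hdr_len else 0
        if size < 2 or i + size > hdr_len:
            break                         # truncated or bogus option length
        if tcp[i] == OPT_MSS and size == 4:
            mss = struct.unpack_from("!H", tcp, i + 2)[0]
            if mss <= limit:
                return tcp, mss
            out = bytearray(tcp)
            struct.pack_into("!H", out, i + 2, limit)
            old, new = mss, limit
            if i & 1:                     # value straddles two 16-bit words
                old, new = [(v >> 8 | v << 8) & 0xFFFF for v in (old, new)]
            # RFC 1624 incremental update: HC' = ~(~HC + ~m + m')
            hc = struct.unpack_from("!H", tcp, 16)[0]
            s = fold((~hc & 0xFFFF) + (~old & 0xFFFF) + new)
            struct.pack_into("!H", out, 16, ~s & 0xFFFF)
            return bytes(out), mss
        i += size
    return tcp, None

def build_syn(mss: int, pad: bytes = b"") -> bytes:
    """Constructed sample SYN: TCP header plus optional NOP padding and an MSS option."""
    opts = pad + struct.pack("!BBH", OPT_MSS, 4, mss)
    opts += b"\x00" * (-len(opts) % 4)
    off = (5 + len(opts) // 4) << 4       # data offset in 32-bit words
    return struct.pack("!HHIIBBHHH", 40000, 443, 1, 0, off, SYN, 65535, 0, 0) + opts
```

Calling `clamp_mss(build_syn(1460))` returns the segment with the option lowered to 1363 together with the original value 1460; a segment that already advertises 1363 or less comes back unchanged.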
You can configure this via the GUI or CLI, either globally (all APs) or on an individual AP. Here is the GUI setting for global configuration. The allowable size is 536-1363 bytes, & once enabled it defaults to 1363 bytes.
You can configure this at the AP level under the Advanced settings of a particular AP. If you enabled it globally & try to disable it on certain APs, it won’t work. (The solution in that case is to disable it globally & configure it only on the required APs.)
Here is the CLI command to configure it. You have to reset the controller for this command to take effect.
config ap tcp-adjust-mss {enable|disable} {Cisco_AP_Name|all} {size[536-1363]}
You can see the current TCP MSS settings for an AP by using the “show ap tcp-mss-adjust {Cisco_AP|All}” or “show ap config general Cisco_AP” command, as shown below.
(4402-a) >show ap tcp-mss-adjust all
AP Name            TCP State MSS Size
------------------ --------  -------
3502-d             enabled   1363
1252-c             disabled  -

(4402-a) >show ap config general 3502-d
Cisco AP Identifier.............................. 0
Cisco AP Name.................................... 3502-d
Country code..................................... AU - Australia
Regulatory Domain allowed by Country............. 802.11bg:-A 802.11a:-N
.
.
.
AP Link Latency.................................. Disabled
Rogue Detection.................................. Enabled
AP TCP MSS Adjust................................ Enabled
AP TCP MSS Size.................................. 1363
Hi Rasika,
Do you have any documentation or links for how to calculate the best value?
This parameter is very important when the WLC is central and APs are in remote sites, mainly when you have encapsulation like VPN or GRE.
For the moment I tried different values and tested with Iperf until I found the best throughput.
I do not think you should tweak it too much unless you have a problem with it.
Are you facing some critical issues with this?
Rasika
This parameter is not important in most cases, but if you want to achieve the maximum throughput in a central deployment, with APs in local mode at remote sites, over any encapsulation protocol, this value must be customized.
I win around 10% of bandwidth 😉
Hello Rasika,
Is it safe to consider the TCP MSS feature as a best practice configuration in a local deployment scenario for a large enterprise with remote sites?
I would leave this as default
From one of the most recent best practices guide for 8.6 https://www.cisco.com/c/en/us/td/docs/wireless/controller/technotes/8-6/b_Cisco_Wireless_LAN_Controller_Configuration_Best_Practices.html#concept_9C3806DC6959422B8C536EEBF3A66D59
Enable TCP MSS across all APs
To optimize the TCP client traffic encapsulation in CAPWAP, it is recommended to always enable TCP MSS feature, as it can reduce the overall amount of CAPWAP fragmentation, improving overall wireless network performance. The MSS value should be adjusted depending of the traffic type and MTU of the WLC-AP path. In general, a 1300 bytes value is a good average, although it can be further optimized depending on your setup.
For our environment, it was necessary to lower that value, as we are using anchored WLAN + WAN over VPN; this provokes long packets to be dropped with the default MTU value. I configured this value to 1300 and I don’t have troubles anymore.
Thanks for this info. May be useful to others.
We were having issues with Apple devices. Cisco WLC and anchor mobility setup with ClearPass doing external web-auth. All Windows and Android devices worked, except Apple. The guest portal would not load (blank webpage). After a lot of painful troubleshooting and packet capture, this setting was the fix. Enabled globally, with the default value (1363). Thanks heaps!
Good to know this setting helped to fix that issue.
Thanks for sharing your fix Caroline.
Rasika
Hello Guys,
Please, I need help.
I recently deployed a C3850 WLC, everything is working fine except that the users can’t play MINECRAFT online game when connected to any AP on the C3850.
I also have an Autonomous AP in this same location, if the users connect to the Autonomous AP, they will successfully connect to the MineCraft game but each time they connect to any AP on the C3850, the game doesn’t play.
Please advise on what I should do.
Were you able to take a Wireshark capture on the AP-connected switchport & see what exactly is happening?
Hello, does TCP MSS work on FlexConnect local switching?
I haven’t tested that.
Hi, I have an issue related to web auth, central auth on WLC, and FlexConnect AP local switching. I saw in many places that I need to change this value, but I don’t know which one is the best. Does any table with these values exist?
Hi Renan,
I have seen a few threads saying that changing to 1250 fixes some issues. Not sure that value will help to fix your issues, though.
https://supportforums.cisco.com/discussion/13089001/packet-loss-2800-ap
Rasika
I am wondering, can you change the MTU of the WLC itself?
Hi,
I am facing random limited connectivity. A few clients go limited with a yellow exclamation mark.
Please give any suggestion to avoid this issue. Updated the driver but no success.
Regards,
Sadav Ansari
Most likely it could be a client driver or WLC software defect.
Hello Folks,
Does anyone know whether making the global configuration changes from the GUI requires a reboot?
Please let me know if you know the answer.
Thanks
No, it doesn’t. What global change are you referring to?
Rasika