Interface Errors on a Cisco ASA 5520
|
View:
New views
5 Messages
—
Rating Filter:
Alert me
|
 |
Interface Errors on a Cisco ASA 5520
by David Blahut
::
Rate this Message:
All-
I just put into production a pair of Cisco ASA 5520s with a Cisco 2970 switch between the two. I am seeing no buffer, input errors, and overrun errors on the active outside and inside interfaces (output is error free). I have all interfaces on the ASAs and the switch hard coded to 1000Mbps and full duplex, TAC wasn't much help and Google doesn't have much to offer on the subject. Given that speed and duplex mismatch usually manifest itself as CRC and or collisions this seems more like an input buffer size issue, but I am not sure. By the way, the load is about 40Mbps right now and the error counters seem to increase in burst (no increase since I first checked it at about 9 this morning). Any ideas? Thanks, David _______________________________________________ firewall-wizards mailing list firewall-wizards@... https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards |
|
|
Re: Interface Errors on a Cisco ASA 5520
by Christopher J. Wargaski
::
Rate this Message:
David--
Can you post a snipped of the interface statistics? Also, look at the interface statistics for the upstream and downstream switch or router.
On Fri, Jan 16, 2009 at 11:15 AM, David Blahut <dablahut@...> wrote: All- _______________________________________________ firewall-wizards mailing list firewall-wizards@... https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards |
|
|
Re: Interface Errors on a Cisco ASA 5520
by David Blahut
::
Rate this Message:
All the interface counters on the 2970 are holding steady at zero.
*****snip***** Interface GigabitEthernet0/0 "outside", is up, line protocol is up Hardware is i82546GB rev03, BW 1000 Mbps, DLY 10 usec Full-Duplex(Full-duplex), 1000 Mbps(1000 Mbps) MAC address 0019.e8d9.65d6, MTU 1500 IP address 10.0.2.254, subnet mask 255.255.255.0 75470149 packets input, 85638459632 bytes, 36635 no buffer Received 0 broadcasts, 0 runts, 0 giants 32081 input errors, 0 CRC, 0 frame, 32081 overrun, 0 ignored, 0 abort 0 L2 decode drops 54815945 packets output, 14582208506 bytes, 0 underruns 0 output errors, 0 collisions, 0 interface resets 0 late collisions, 0 deferred 0 input reset drops, 0 output reset drops input queue (curr/max packets): hardware (0/33) software (0/0) output queue (curr/max packets): hardware (0/45) software (0/0) Traffic Statistics for "outside": 75456180 packets input, 84247395544 bytes 54815945 packets output, 13513354970 bytes 1229667 packets dropped 1 minute input rate 3482 pkts/sec, 3765959 bytes/sec 1 minute output rate 2563 pkts/sec, 615114 bytes/sec 1 minute drop rate, 48 pkts/sec 5 minute input rate 3173 pkts/sec, 3494452 bytes/sec 5 minute output rate 2360 pkts/sec, 632499 bytes/sec 5 minute drop rate, 59 pkts/sec Interface GigabitEthernet0/1 "inside", is up, line protocol is up Hardware is i82546GB rev03, BW 1000 Mbps, DLY 10 usec Full-Duplex(Full-duplex), 1000 Mbps(1000 Mbps) MAC address 0019.e8d9.65d7, MTU 1500 IP address 10.0.1.1, subnet mask 255.255.255.0 53083032 packets input, 14467412251 bytes, 57 no buffer Received 24 broadcasts, 0 runts, 0 giants 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort 0 L2 decode drops 78602459 packets output, 86261688947 bytes, 0 underruns 0 output errors, 0 collisions, 0 interface resets 0 late collisions, 0 deferred 0 input reset drops, 0 output reset drops input queue (curr/max packets): hardware (1/33) software (0/0) output queue (curr/max packets): hardware (0/232) software (0/0) Traffic Statistics for "inside": 53080231 packets input, 13433139678 bytes 78602459 packets output, 84817722165 bytes 105636 packets dropped 1 minute input rate 2464 pkts/sec, 593880 bytes/sec 1 minute output rate 3621 pkts/sec, 3820938 bytes/sec 1 minute drop rate, 6 pkts/sec 5 minute input rate 2266 pkts/sec, 523832 bytes/sec 5 minute output rate 3365 pkts/sec, 3565026 bytes/sec 5 minute drop rate, 9 pkts/sec ****snip**** -d Christopher J. Wargaski wrote: David-- _______________________________________________ firewall-wizards mailing list firewall-wizards@... https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards |
|
|
Re: Interface Errors on a Cisco ASA 5520
by H. Morrow Long
::
Rate this Message:
What are you seeing for entries in the logs on the ASA's syslog server(s)? Under a high input pkt rate, if the ASA rules are deny'ing many pits AND it is syslogging each deny - particularly if it has multiple syslog servers - could put an ASA under stress. Sent from my iPhone
_______________________________________________ firewall-wizards mailing list firewall-wizards@... https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards |
|
|
Re: Interface Errors on a Cisco ASA 5520
by Christopher J. Wargaski
::
Rate this Message:
David-- This looks like a hardware problem, the ASA is not able to buffer the received traffic fast enough. What device is the upstream device sending the data? I am thinking that you should be contacting Cisco at this point.
On Fri, Jan 16, 2009 at 2:22 PM, David Blahut <dablahut@...> wrote:
cjw _______________________________________________ firewall-wizards mailing list firewall-wizards@... https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards |
| Free embeddable forum powered by Nabble | Forum Help |
