cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
181
Views
0
Helpful
2
Replies
Highlighted
Beginner

Missed Packet thresh hold

I am using a 4270 IPS. I am getting Missed packet thresh hold exceeded.  100 % of packets were missed. 

 

I want to know , what is a missed packets ? & why these comes on interface. 

 

 

Everyone's tags (2)
2 REPLIES 2
Cisco Employee

 Have you enabled the virtual

 

Have you enabled the virtual sensor (vs0) on the IPS?

If you IDM into the IPS, you can check the following:

Configuration --> Policies --> IPS Policies --> edit "vs0" --> tick "Assigned" for gig3/3  --> OK --> click "Apply"

I noticed that as soon as the interface comes back up it exceeds the threshold of the interface almost immediately. It's possible that the interface is oversubscribed. You want to check the amount of traffic you have going through the interface and see if you can limit them via ACL's. 

 

The other thing I noticed is that along with the up/down alarms there are numerous TCP Segment Overwrite (1300-0) alerts in the alarm channel. The signature likely needs to be tuned for your environment.

Beginner

Hi Largenb,  Thanks for

Hi Largenb, 

 

Thanks for response, Yes I have already checked, IPS policy is properly applied.   IPS interface is receiving around 300 Mbps traffic, but IPS is 4270, whose troughput is 4 gbps.  below is the show interface statistics for my interface. 

 

show interfaces gigabitEthernet3/2
MAC statistics from interface GigabitEthernet3/2
    Interface function = Sensing interface
    Description =  SW1 Port 0/2
    Media Type = TX
    Default Vlan = 0
    Inline Mode = Unpaired
    Pair Status = N/A
    Hardware Bypass Capable = Yes when paired with GigabitEthernet3/3
    Hardware Bypass Paired = No
    Link Status = Up
    Admin Enabled Status = Enabled
    Link Speed = Auto_1000
    Link Duplex = Auto_Full
    Missed Packet Percentage = 99
    Total Packets Received = 171259
    Total Bytes Received = 1214483055
    Total Multicast Packets Received = 26
    Total Broadcast Packets Received = 0
    Total Jumbo Packets Received = 0
    Total Undersize Packets Received = 0
    Total Receive Errors = 2073827
    Total Receive FIFO Overruns = 1978
    Total Packets Transmitted = 0
    Total Bytes Transmitted = 132603584
 
--MORE--
        
   Total Multicast Packets Transmitted = 0
    Total Broadcast Packets Transmitted = 0
    Total Jumbo Packets Transmitted = 0
    Total Undersize Packets Transmitted = 0
    Total Transmit Errors = 0
    Total Transmit FIFO Overruns = 0

 

Please suggest. Inspection load of IPS is normal, my other interface of IPS is running in Inline which is working properly. 

 

 

 

CreatePlease to create content
Content for Community-Ad
FusionCharts will render here