
ASA 5520 inside int connected to a hub

iholdings
Level 1

Greetings,

We are in the process of transitioning from a hub to a switch network connection on our current inside interface on the ASA 5520.

However, in the meantime - we've been observing incrementing errors, specifically eth collisions, deferred packets and dropped packets, only on the interface that's attached to the hub:

Interface GigabitEthernet0/1 "inside", is up, line protocol is up
  Hardware is i82546GB rev03, BW 1000 Mbps, DLY 10 usec
        Auto-Duplex(Half-duplex), Auto-Speed(100 Mbps)
        MAC address 0013.c480.5e0b, MTU 1500
        IP address 172.16.0.32, subnet mask 255.255.0.0
        1343330 packets input, 308281070 bytes, 0 no buffer
        Received 19733 broadcasts, 0 runts, 0 giants
        0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
        0 L2 decode drops
        1762913 packets output, 1087630810 bytes, 0 underruns
        0 output errors, 190190 collisions, 0 interface resets
        0 late collisions, 121362 deferred
        0 input reset drops, 0 output reset drops, 0 tx hangs
        input queue (curr/max packets): hardware (0/33) software (0/0)
        output queue (curr/max packets): hardware (0/155) software (0/0)
  Traffic Statistics for "inside":
        1343330 packets input, 281302280 bytes
        1762913 packets output, 1054835780 bytes
        11343 packets dropped
        1 minute input rate 2051 pkts/sec,  389541 bytes/sec
        1 minute output rate 2697 pkts/sec,  1617916 bytes/sec
        1 minute drop rate, 18 pkts/sec
        5 minute input rate 2398 pkts/sec,  540898 bytes/sec
        5 minute output rate 3128 pkts/sec,  1910413 bytes/sec
        5 minute drop rate, 19 pkts/sec

++

interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 172.16.0.32 255.255.0.0

Are there any settings (speed/duplex) on the ASA inside int that I could implement as a workaround to fix these errors?

Through a number of test windows - when we connect the inside interface to the switch - the current int settings work and we are getting the correct speed/duplex - and the errors disappear.

Thanks for your assistance.

Accepted Solutions

Kimberly Adams
Level 3

Hi iholdings,

If you look at the interface status you will see that this firewall interface is autonegotiating to half duplex or one-way communications. This tells me that the hub you have your firewall connected to is not able to do full duplex, but the new switch will autonegotiate to full duplex with your firewall.

Half duplex always causes errors on your interface and they will go away with the new switch.

Thanks,

Kimberly

Thanks and Cheers! Kimberly Please remember to rate helpful posts.

3 Replies

Julio Carvajal
VIP Alumni

Hello,

As Kimberly said, if you cannot configure or hard-code the hub to have a full duplex configuration on its interface, there is nothing you can do, as there will always be collisions causing errors.

So try to change that (not sure if your hub will allow it) or use the switch ASAP so you can see the changes in the behavior of your network.

Regards,

Julio

Do rate helpful posts!!!

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

iholdings
Level 1

Thanks to both.

We escalated the move over to the switch - and that solved our problems.

Thanks again.
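
The diagnosis in this thread can be read straight from the interface counters. The following Python script is an added example, not part of the original thread and not Cisco tooling: it parses the lines of the `show interface` output posted in the question and triages them. The function names `parse_interface` and `assess` are hypothetical, and the late-collision/CRC check is a common troubleshooting rule of thumb assumed here, not something stated by the posters.

```python
import re

# Counter lines copied from the "show interface" output posted in the question.
SAMPLE = """\
Interface GigabitEthernet0/1 "inside", is up, line protocol is up
        Auto-Duplex(Half-duplex), Auto-Speed(100 Mbps)
        0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
        1762913 packets output, 1087630810 bytes, 0 underruns
        0 output errors, 190190 collisions, 0 interface resets
        0 late collisions, 121362 deferred
"""

def parse_interface(text):
    """Extract negotiated duplex/speed and the collision-related counters."""
    def num(pattern):
        m = re.search(pattern, text)
        return int(m.group(1)) if m else 0
    duplex = re.search(r"Duplex\(([\w-]+)\)", text)
    speed = re.search(r"\((\d+) Mbps\)", text)
    return {
        "name": re.search(r"^Interface (\S+)", text, re.M).group(1),
        "duplex": duplex.group(1).lower() if duplex else "unknown",
        "speed_mbps": int(speed.group(1)) if speed else None,
        "packets_out": num(r"(\d+) packets output"),
        "collisions": num(r"(\d+) collisions"),       # not the "late" counter
        "late_collisions": num(r"(\d+) late collisions"),
        "deferred": num(r"(\d+) deferred"),
        "crc": num(r"(\d+) CRC"),
    }

def assess(c):
    """Heuristic triage (an assumption of this example, not a vendor rule set)."""
    findings = []
    if c["duplex"].startswith("half"):
        findings.append("negotiated half duplex")
    if c["packets_out"] and c["collisions"]:
        pct = 100.0 * c["collisions"] / c["packets_out"]
        findings.append(f"collisions on {pct:.1f}% of output packets")
    if c["late_collisions"] or c["crc"]:
        findings.append("late collisions or CRC errors: check duplex mismatch/cabling")
    elif c["collisions"]:
        findings.append("no late collisions or CRC: consistent with a shared half-duplex segment")
    return findings

if __name__ == "__main__":
    counters = parse_interface(SAMPLE)
    print(counters["name"], "->", "; ".join(assess(counters)))
```
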
