
ASA 5520 - strange trunk int errors

Barry
Level 1

I have some strange behavior on the trunk interface of an ASA. This trunk is carrying traffic for 5 vlans on a 2960G switch. I believe the L2 decodes are occurring because of vlan traffic sourcing from the switch that is not configured on the ASA. The giants and input errors are where I am having troubleshooting issues. MTU is set to 9000 on the switch and on each vlan int. Switch # sh sys mtu shows the following output:

System MTU size is 1500 bytes

System Jumbo MTU size is 9000 bytes

Routing MTU size is 1500 bytes

ASA trunk int shows giants and input errors... but the switch is configured for 9000..
Interface GigabitEthernet0/2 "", is up, line protocol is up
  Hardware is i82546GB rev03, BW 1000 Mbps, DLY 10 usec
        Auto-Duplex(Full-duplex), Auto-Speed(1000 Mbps)
        Input flow control is unsupported, output flow control is unsupported
        Available but not configured via nameif
        MAC address 5475.****.****, MTU not set
        IP address unassigned
        6612521563 packets input, 9013853250037 bytes, 0 no buffer
        Received 530021 broadcasts, 0 runts, 68861 giants
        69102 input errors, 0 CRC, 0 frame, 241 overrun, 0 ignored, 0 abort
        44982 L2 decode drops
        3516425040 packets output, 479312563050 bytes, 0 underruns
        0 pause output, 0 resume output
        0 output errors, 0 collisions, 0 interface resets
        0 late collisions, 0 deferred
        0 input reset drops, 0 output reset drops, 0 tx hangs
        input queue (blocks free curr/low): hardware (255/230)
        output queue (blocks free curr/low): hardware (255/0)
ASA vlan int shows 9000 mtu... and a ton of dropped packets :
Interface GigabitEthernet0/2.** "inside_****", is up, line protocol is up
  Hardware is i82546GB rev03, BW 1000 Mbps, DLY 10 usec
        VLAN identifier **
        MAC address 5475.****.****, MTU 9000
        IP address 10.*.*.*, subnet mask 255.255.255.0
  Traffic Statistics for "inside_db":
        1184056064 packets input, 1472918500172 bytes
        713431477 packets output, 133536616797 bytes
        143785 packets dropped
switch trunk interface looks fine:
GigabitEthernet0/2 is up, line protocol is up (connected)
  Hardware is Gigabit Ethernet, address is a8b1.****.**** (bia a8b1.****.****)
  Description: gw01 TRUNK
  MTU 9000 bytes, BW 1000000 Kbit, DLY 10 usec,
     reliability 255/255, txload 3/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Full-duplex, 1000Mb/s, media type is 10/100/1000BaseTX
  input flow-control is off, output flow-control is unsupported
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input never, output 00:00:00, output hang never
  Last clearing of "show interface" counters 5w0d
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 2086000 bits/sec, 747 packets/sec
  5 minute output rate 12837000 bits/sec, 1301 packets/sec
     3109987935 packets input, 479312642603 bytes, 0 no buffer
     Received 0 broadcasts (0 multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog, 0 multicast, 0 pause input
     0 input packets with dribble condition detected
     6626460194 packets output, 9014919407805 bytes, 0 underruns
     0 output errors, 0 collisions, 0 interface resets
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier, 0 PAUSE output
     0 output buffer failures, 0 output buffers swapped out
Any feedback is greatly appreciated! Thank you.
oh...
switch: 12.2(44)SE6
fw: 8.3(1)

3 Replies

fadlouni
Level 1

Hi.

The ASA 5520 doesn't support jumbo frames, even though the MTU can be increased. Only the 5580 does support it.

To enable jumbo frame support you need 2 things:

1- Enable "jumbo-frame reservation": http://www.cisco.com/en/US/docs/security/asa/asa83/command/reference/jk.html#wp1633967

This command is only available on the ASA 5580 platform.

2- Increase the MTU size beyond 1500.

3- Increase the TCP MSS.

Since point 1 only works on the 5580, lower ASA platforms can't handle jumbo frames.

Regards,

Fadi.

I was unaware that there was a difference between 1500+ size MTU and 'Jumbo frames'. I thought that jumbo frames were 9000 byte MTU frames... what am I missing here?

In theory yes, 1500+ packets are jumbo frames.

But it won't take effect on the ASA until you enable the jumbo-frame reservation command (which is only available on the ASA 5580). This is an architectural requirement so the ASA can work on those large frames.

Once you enable the command, you can use the mtu command to limit how big a jumbo frame is allowed on the ASA.

But like I said, this will only work on the 5580.

Regards,

Fadi.
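An added example, not part of the original posts: a short Python script that parses the ASA counter lines quoted in the question and checks whether the giants and overruns account for every input error on the trunk, and whether a sub-interface carries a jumbo MTU while the parent counts giants. The function names, the 1500-byte threshold, and the treatment of "input errors" as the sum of the itemised counters are assumptions of this example.

```python
import re

# Constructed sample: counter lines copied from the ASA outputs posted in this thread.
ASA_TRUNK = """\
        MAC address 5475.****.****, MTU not set
        6612521563 packets input, 9013853250037 bytes, 0 no buffer
        Received 530021 broadcasts, 0 runts, 68861 giants
        69102 input errors, 0 CRC, 0 frame, 241 overrun, 0 ignored, 0 abort
        44982 L2 decode drops
"""
ASA_SUBIF = "        MAC address 5475.****.****, MTU 9000\n"

ERROR_KINDS = ("runts", "giants", "CRC", "frame", "overrun", "ignored", "abort")
COUNTER = re.compile(r"(\d+) (input errors|L2 decode drops|" + "|".join(ERROR_KINDS) + r")\b")
MTU = re.compile(r"\bMTU (\d+)")

def parse_counters(text):
    """Return {counter name: value} for the error counters in 'show interface' text."""
    return {name: int(value) for value, name in COUNTER.findall(text)}

def parse_mtu(text):
    """Return the configured MTU, or None when the line reads 'MTU not set'."""
    match = MTU.search(text)
    return int(match.group(1)) if match else None

def analyse(trunk_text, subif_text, standard_mtu=1500):
    counters = parse_counters(trunk_text)
    total = counters.get("input errors", 0)
    # Assumption: 'input errors' is the sum of the itemised counters; any
    # remainder is reported rather than hidden.
    itemised = sum(counters.get(kind, 0) for kind in ERROR_KINDS)
    giants = counters.get("giants", 0)
    sub_mtu = parse_mtu(subif_text)
    return {
        "unexplained": total - itemised,
        "giant_share": giants / total if total else 0.0,
        "jumbo_mtu_with_giants": bool(giants and sub_mtu and sub_mtu > standard_mtu),
    }

if __name__ == "__main__":
    for key, value in analyse(ASA_TRUNK, ASA_SUBIF).items():
        print(f"{key}: {value}")
```

On the posted counters the remainder is zero: the 69102 input errors are exactly the 68861 giants plus the 241 overruns.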
