Communication problem between ASA 5510 and Cisco 3750, L2 Decode drops

vlatko.runchev · ‎02-07-2013

Having problem with communication between ASA 5510 an Cisco Catalyst 3750.

Here is the Cisco switch port facing the ASA 5510 configuration:

interface FastEthernet2/0/6

description Trunk to ASA 5510

switchport trunk encapsulation dot1q

switchport trunk native vlan 50

switchport trunk allowed vlan 131,500

switchport mode trunk

switchport nonegotiate

And here is the ASA 5510 port configuration:

interface Ethernet0/3

speed 100

no nameif

no security-level

no ip address

interface Ethernet0/3.500

vlan 500

nameif outside

security-level 0

ip address X.X.X.69 255.255.255.0

There is a default route on ASA to X.X.X.1.

When I try to ping from ASA X.X.X.1 i get:

Sending 5, 100-byte ICMP Echos to 31.24.36.1, timeout is 2 seconds:

?????

Also in the output of show interface eth 0/3 on the ASA i can see that the L2 Decode drop counter increases.

I have also changed the ports on the Switch and ASA but the same error stays.

Any thoughts?

James Leinweber · ‎02-07-2013

I don't see anything wrong with your trunk configuration; I have a similar one working between an ASA 5520 and a Catalyst 3750G.

Maybe you should adjust the "speed 100"? In my experience, partial autoconfiguration results in duplex mis-matches, which results in dropped packets.

I'd try removing the "speed 100" and letting the ASA port autonegotiate with the switch. Alternatively, have both sides set

speed 100

duplex full

and see if things improve.

-- Jim Leinweber, WI State Lab of Hygiene

Jouni Forss · ‎02-07-2013

One Cisco document lists the following things for the "show interface" "L2 decode drops"

No nameif configured or invalid VLAN frame

- Jouni

vlatko.runchev · ‎02-08-2013

It appers that both ports on the switch that ASA was connected to where faulty.

I've used another port and everything works fine.