Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2445
Views
0
Helpful
4
Replies

Input errors & overruns on ASA

Andy White
Level 3
Level 3

‎01-15-2015 07:05 AM - edited ‎03-11-2019 10:21 PM

Hello,

Our ASA's inside experiences overuns and input errors, the CPU is not being hogged.  I have the SNMP OID for input errors so I can gather this info, but can't find the OID for overruns does anyone know this?

Netflow seems to hint towards high traffic as the ASA 5520 can only handle a total of 450mbps and it can hit this.  But even when it is lower that 450mbps the input errors and over runs slowly increase.

I'm not sure what the input errors mean like I do the overruns though.

 

http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/115985-asa-overrun-product-tech-note-00.html?referring_site=RE&pos=2&page=http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generat...

Labels:
0 Helpful
4 Replies 4

burleyman
Level 8
Level 8

‎01-19-2015 04:35 AM

Can you post the output of the command show int for the inside interface

 

Mike

0 Helpful

Andy White
Level 3
Level 3
In response to burleyman

‎01-19-2015 06:02 AM

Sure:

 

Interface GigabitEthernet0/1 "inside", is up, line protocol is up
  Hardware is i82546GB rev03, BW 1000 Mbps, DLY 10 usec
        Auto-Duplex(Full-duplex), Auto-Speed(1000 Mbps)
        Input flow control is unsupported, output flow control is off
        MAC address 001e.1312.f535, MTU 1500
        IP address 128.101.10.50, subnet mask 255.255.0.0
        2429698286 packets input, 1097335945161 bytes, 0 no buffer
        Received 352782 broadcasts, 0 runts, 0 giants
        555430 input errors, 0 CRC, 0 frame, 555430 overrun, 0 ignored, 0 abort
        0 pause input, 0 resume input
        0 L2 decode drops
        4941652140 packets output, 6240713571240 bytes, 1203 underruns
        0 pause output, 0 resume output
        0 output errors, 0 collisions, 0 interface resets
        0 late collisions, 0 deferred
        0 input reset drops, 0 output reset drops, 0 tx hangs
        input queue (blocks free curr/low): hardware (255/230)
        output queue (blocks free curr/low): hardware (255/0)
  Traffic Statistics for "inside":
        2429678752 packets input, 1045311802091 bytes
        4941653343 packets output, 6149740351746 bytes
        6072144 packets dropped
      1 minute input rate 9779 pkts/sec,  3938397 bytes/sec
      1 minute output rate 19667 pkts/sec,  23350298 bytes/sec
      1 minute drop rate, 22 pkts/sec
      5 minute input rate 9534 pkts/sec,  3166544 bytes/sec
      5 minute output rate 19090 pkts/sec,  22683231 bytes/sec
      5 minute drop rate, 29 pkts/sec

 

0 Helpful

burleyman
Level 8
Level 8
In response to Andy White

‎01-19-2015 06:19 AM

Here is a link to help and explain the Overruns you are seeing.

http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/115985-asa-overrun-product-tech-note-00.html

 

Also the Input errors are the combination of CRC, Frame, Overrun, the ignored and about are not used.

 

Hope this helps,

Mike

0 Helpful

Andy White
Level 3
Level 3
In response to burleyman

‎01-19-2015 06:26 AM

Thanks, I've worked out the go up between 50-150 per minute, not sure if that is low or concerning.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card