08-02-2012 10:17 AM - edited 03-11-2019 04:37 PM
hi,
users behind asa5510 on both vlans10 and 20 have slow internet speeds (2Mbps down/170kbps up). carrier provides 13Mbps down/5mbps up and speed tests on another port on the asa 9Mbps/5mbps. There is no speed/duplex mismatch on the switch (cisco 2960) that asa port is connected to. what else could possible cause that ? cisco 2960 is in vtp transparent mode. mtu on both vlans is matched.
thanks
Solved! Go to Solution.
08-07-2012 09:32 AM
Hello,
Perfect,. the problem was the duplex mismatch on the outside interface,
Glad you are going to keep this configuration
If you do not have any other question please mark the question as answered,
Regards,
Julio
08-02-2012 10:29 AM
Hello,
So you are seeing the speed issues just on interface 0/1 and ofcourse its sub-interfaces.
Please provide the following:
Show interface | include errors
Show interface fastethernet 0/1
As you already checked as it works on a different and dedicated port on the ASA this could be happening because of two things:
1-The amount of traffic received on interface 0/1 is greater than the one the ASA can support
2-Issues on the LAN side ( switches)
Regards,
Julio
08-02-2012 10:50 AM
asa# sh int | include errors
194815 input errors, 194815 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 output errors, 0 collisions, 2 interface resets
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 output errors, 0 collisions, 1 interface resets
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 output errors, 0 collisions, 4 interface resets
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 output errors, 0 collisions, 4 interface resets
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 output errors, 0 collisions, 0 interface resets
asa# sh int e0/1
Interface Ethernet0/1 "", is up, line protocol is up
Hardware is i82546GB rev03, BW 1000 Mbps, DLY 10 usec
Full-Duplex(Full-duplex), 100 Mbps(100 Mbps)
Input flow control is unsupported, output flow control is off
Available but not configured via nameif
MAC address f0f7.55f3.2ddb, MTU not set
IP address unassigned
16573970 packets input, 2161738772 bytes, 0 no buffer
Received 231352 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 pause input, 0 resume input
0 L2 decode drops
18086894 packets output, 8585727976 bytes, 0 underruns
0 pause output, 0 resume output
0 output errors, 0 collisions, 1 interface resets
0 late collisions, 0 deferred
0 input reset drops, 0 output reset drops, 0 tx hangs
input queue (blocks free curr/low): hardware (255/230)
output queue (blocks free curr/low): hardware (255/230)
asa# sh int e0/1.10
Interface Ethernet0/1.10 "inside1", is up, line protocol is up
# Attention: This interface is located in a PCI-e x0 slot. For #
# optimal throughput, install the interface in a PCI-e x16 slot #
# if one is available. Refer to 'show controller slot'. #
Hardware is i82546GB rev03, BW 1000 Mbps, DLY 10 usec
VLAN identifier 10
Description: CONNECTION TO INSIDE PCs
MAC address f0f7.55f3.2ddb, MTU 1500
IP address 192.168.1.3, subnet mask 255.255.255.0
Traffic Statistics for "inside1":
15930094 packets input, 1489532514 bytes
17415119 packets output, 7694926229 bytes
10030657 packets dropped
asa# sh int e0/1.10 20
Interface Ethernet0/1.20 "inside2", is up, line protocol is up
# Attention: This interface is located in a PCI-e x0 slot. For #
# optimal throughput, install the interface in a PCI-e x16 slot #
# if one is available. Refer to 'show controller slot'. #
Hardware is i82546GB rev03, BW 1000 Mbps, DLY 10 usec
VLAN identifier 20
Description: CONNECTION TO INSIDE SERVERS
MAC address f0f7.55f3.2ddb, MTU 1500
IP address 192.168.2.3, subnet mask 255.255.255.0
Traffic Statistics for "inside2":
644215 packets input, 290057701 bytes
672642 packets output, 490711008 bytes
4994 packets dropped
08-02-2012 10:55 AM
Hello,
This is not good at all:
194815 input errors, 194815 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
Make sure the ISP people has their interface hardcoded as yours ( interface ethernet 0/0)
After doing that please do the following:
clear interface
And then after 5 minutes provide me the following command:
-show interface | include errors
Regards,
Julio
08-02-2012 11:25 AM
asa# sh int | include error
106 input errors, 106 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 output errors, 0 collisions, 0 interface resets
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 output errors, 0 collisions, 0 interface resets
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 output errors, 0 collisions, 0 interface resets
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 output errors, 0 collisions, 0 interface resets
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 output errors, 0 collisions, 0 interface resets
08-02-2012 11:43 AM
Hello,
Same behavior, can you change the cable connection to the modem, clear the interface again and wait five minutes.
Then provide us the same output,
Regards,
08-06-2012 01:18 PM
Was this resolved? It's very close to a problem I have now.
08-06-2012 01:45 PM
hi, I had to wait until the weekend to work on this. I set the settings on the asa port towards the provider from duplex full to duplex auto, that cleared the CRC errors. Modified the configuration, added another 5-port cisco switch and removed the two vlans on port 0/1. Internet speed is improved. Graphing the users LAN did not show any excessive traffic. CPU and mem utilization is the same. Policies are the same. Not sure what was going on.
08-06-2012 05:23 PM
Hello Nevyana,
Are you still having latency issues, I can see it improved!
What is behind the inside interface of the ASA? how many switches or layer 3 devices are there?
Let us know so we can help you on this,
Regards,
Julio
08-07-2012 05:54 AM
Thank you so much, speed is improved and planning to keep this configuration. I cannot explain why the issue on the original configuration. There is one cisco 2960 connected to the LAN. Here's the configuration it had:
logging buffered 5000 informational
!
no aaa new-model
system mtu routing 1500
vtp mode transparent
ip subnet-zero
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
vlan 10,20,301
!
!
interface FastEthernet0/1
switchport trunk allowed vlan 10,20
switchport mode trunk
speed 100
duplex full
!
interface FastEthernet0/2
shutdown
speed 100
duplex full
!
interface FastEthernet0/3
switchport access vlan 10
switchport mode access
speed 100
duplex full
!
interface FastEthernet0/45
description 510 SERVER
switchport access vlan 20
speed 100
duplex full
!
interface FastEthernet0/46
description 290 SERVER
switchport access vlan 20
speed 100
duplex full
!
interface FastEthernet0/47
!
interface FastEthernet0/48
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
no ip address
no ip route-cache
shutdown
!
interface Vlan10
description PCs
no ip address
no ip route-cache
!
interface Vlan20
description SERVERS
no ip address
no ip route-cache
!
ip http server
ip http secure-server
!
control-plane
!
!
line con 0
line vty 0 4
login
line vty 5 15
login
!
end
08-07-2012 09:32 AM
Hello,
Perfect,. the problem was the duplex mismatch on the outside interface,
Glad you are going to keep this configuration
If you do not have any other question please mark the question as answered,
Regards,
Julio
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: