Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
672
Views
0
Helpful
2
Replies

Missed Packet thresh hold

Ashwani Yadav
Level 1
Level 1

‎08-12-2014 01:54 AM - edited ‎03-10-2019 06:13 AM

I am using a 4270 IPS. I am getting Missed packet thresh hold exceeded.  100 % of packets were missed. 

 

I want to know , what is a missed packets ? & why these comes on interface. 

 

 

Labels:
0 Helpful
2 Replies 2

largenb
Cisco Employee
Cisco Employee

‎08-17-2014 09:16 PM

 

Have you enabled the virtual sensor (vs0) on the IPS?

If you IDM into the IPS, you can check the following:

Configuration --> Policies --> IPS Policies --> edit "vs0" --> tick "Assigned" for gig3/3  --> OK --> click "Apply"

I noticed that as soon as the interface comes back up it exceeds the threshold of the interface almost immediately. It's possible that the interface is oversubscribed. You want to check the amount of traffic you have going through the interface and see if you can limit them via ACL's. 

 

The other thing I noticed is that along with the up/down alarms there are numerous TCP Segment Overwrite (1300-0) alerts in the alarm channel. The signature likely needs to be tuned for your environment.

0 Helpful

Ashwani Yadav
Level 1
Level 1
In response to largenb

‎08-17-2014 09:59 PM

Hi Largenb, 

 

Thanks for response, Yes I have already checked, IPS policy is properly applied.   IPS interface is receiving around 300 Mbps traffic, but IPS is 4270, whose troughput is 4 gbps.  below is the show interface statistics for my interface. 

 

show interfaces gigabitEthernet3/2
MAC statistics from interface GigabitEthernet3/2
    Interface function = Sensing interface
    Description =  SW1 Port 0/2
    Media Type = TX
    Default Vlan = 0
    Inline Mode = Unpaired
    Pair Status = N/A
    Hardware Bypass Capable = Yes when paired with GigabitEthernet3/3
    Hardware Bypass Paired = No
    Link Status = Up
    Admin Enabled Status = Enabled
    Link Speed = Auto_1000
    Link Duplex = Auto_Full
    Missed Packet Percentage = 99
    Total Packets Received = 171259
    Total Bytes Received = 1214483055
    Total Multicast Packets Received = 26
    Total Broadcast Packets Received = 0
    Total Jumbo Packets Received = 0
    Total Undersize Packets Received = 0
    Total Receive Errors = 2073827
    Total Receive FIFO Overruns = 1978
    Total Packets Transmitted = 0
    Total Bytes Transmitted = 132603584
 
--MORE--
        
   Total Multicast Packets Transmitted = 0
    Total Broadcast Packets Transmitted = 0
    Total Jumbo Packets Transmitted = 0
    Total Undersize Packets Transmitted = 0
    Total Transmit Errors = 0
    Total Transmit FIFO Overruns = 0

 

Please suggest. Inspection load of IPS is normal, my other interface of IPS is running in Inline which is working properly. 

 

 

 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card