Hi,

Duplex is set to auto and MTU is 1500.

- Mero

Can you please post the interface configurations from your ASA and switch? You lost me with your description of 4, 3, 6, and 7 ports above.

Dear Marvin,

Please look the following:

SWITCH

=======

interface FastEthernet0/1

description *****connected to port0 *****

interface FastEthernet0/2

description *****connected to port1 *****

switchport trunk allowed vlan 2,3

switchport mode trunk

interface FastEthernet0/3

description *****connected to port2 *****

switchport trunk allowed vlan 4,5

switchport mode trunk

interface FastEthernet0/4

description *****connected to port3 *****

switchport trunk allowed vlan 6,7

switchport mode trunk

ASA

=======

interface GigabitEthernet0/0

nameif outside

security-level 0

ip address

interface GigabitEthernet0/1

no ip address

interface GigabitEthernet0/1.2

vlan 2

nameif inside

security-level 100

ip address

interface GigabitEthernet0/1.3

vlan 3

nameif inside

security-level 30

ip address

interface GigabitEthernet0/2

no ip address

interface GigabitEthernet0/2.4

vlan 4

no  shutdown

nameif intf400

security-level 40

ip address 

interface GigabitEthernet0/2.5

vlan 5

no  shutdown

nameif intf500

security-level 50

ip address 

interface GigabitEthernet0/3

no shutdown

no ip address

interface GigabitEthernet0/3.6

vlan 6

no  shutdown

nameif intf600

security-level 60

ip address 

interface GigabitEthernet0/3.7

vlan 7

no  shutdown

nameif intf700

security-level 70

ip address 

- Mero

Mero,

Thanks - that's clearer now. What model and version of ASA software are you using?

Can you provide "show interface status" for each of your four switch ports connected to the ASA? Also "show interface  | i Speed" from the ASA.

Thanks Mr. Marvin,

I will write more after few hours.

- Mero

Hi,

I am using cisco ASA 5520 and  Software Version 7.2(4)

Sorry, the duplex was set to auto, half-duplex. Can I set it to full, will this drop my packets. I am getting confusion on single mode. I pasted some output of show interface, please have a look.

Interface GigabitEthernet0/0 "outside", is up, line protocol is up

  Hardware is xxxx rev03, BW 1000 Mbps

        Auto-Duplex(Full-duplex), Auto-Speed(100 Mbps)

        MAC address xxxx.xxxx.xxxx, MTU 1500

        0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

        0 L2 decode drops

        0 output errors, 0 collisions, 4 interface resets

        0 late collisions, 0 deferred

        0 input reset drops, 0 output reset drops

        input queue (curr/max packets): hardware (2/25) software (0/0)

        output queue (curr/max packets): hardware (0/50) software (0/0)

  Traffic Statistics for "outside":

        98140245 packets input, 118773026302 bytes

        71538920 packets output, 6580023518 bytes

        241680 packets dropped

Interface GigabitEthernet0/1 "", is up, line protocol is up

  Hardware is xxxx rev03, BW 1000 Mbps

        Auto-Duplex(Half-duplex), Auto-Speed(100 Mbps)

        Available but not configured via nameif

        MAC address xxxx.xxxx.xxxx, MTU not set

        IP address unassigned

        222553951 packets input, 110898015593 bytes, 0 no buffer

        Received 323205 broadcasts, 0 runts, 0 giants

        0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

        0 L2 decode drops

        190477421 packets output, 93155281167 bytes, 0 underruns

        0 output errors, 2802847 collisions, 1 interface resets

        4946391 late collisions, 10976732 deferred

        0 input reset drops, 13 output reset drops

        input queue (curr/max packets): hardware (0/33) software (0/0)

        output queue (curr/max packets): hardware (0/185) software (0/0)

Interface GigabitEthernet0/1.2 "intf200", is up, line protocol is up

        VLAN identifier 2

        MAC address xxxx.xxxx.xxxx, MTU 1500

        IP address xxxx, subnet mask xxxx

  Traffic Statistics for "intf200":

        152134764 packets input, 26686067503 bytes

        141153651 packets output, 79907226008 bytes

        21314472 packets dropped

Interface GigabitEthernet0/1.3 "intf300", is up, line protocol is up

        VLAN identifier 3

        MAC address xxxx.xxxx.xxxx, MTU 1500

        IP address xxxx, subnet mask xxxx

  Traffic Statistics for "intf300":

        70400873 packets input, 78921800729 bytes

        54270216 packets output, 15286952393 bytes

        180516 packets dropped

Waiting for your help,

- Mero

Your ASA 5520 has four Gigabit Ethernet interfaces (plus the Fast Ethernet management port). Normal practice would be to run all the connected ports at their rated 1 Gbps speed and full duplex. Normally auto speed and duplex settings at the ASA and switch would take care of that automatically.

Unless... is your switch on the inside only Fast Ethernet capable? Running at half duplex 100 Mbps is certainly not normal. Assuming your switch is capable, the ports should all be full duplex 1000 Mbps. That's why I asked for "show interface status" from the relevant switch ports. On a Cisco switch that will show me their speed and duplex settings and whether they are auto or manually set.

What were you saying about single mode? Is there a fiber optic connection somewhere?

Also, I see a large number of packets dropped. One would not normally expect to see drops of that number. The abnormal duplex setting could be contirbuting to that.

Dear Marvin,

Please go through the show inter status

Port      Name        Status       Vlan       Duplex  Speed Type

Fa0/1     *****                connected    1          a-full  a-100 10/100BaseTX

Fa0/2     *****                connected    trunk          full  100 10/100BaseTX

Fa0/3     *****                connected    trunk        full    100 10/100BaseTX

About the single mode, I was talking about the context, however I am not using context over here. No fiber connection.

Please write me the one by one step to speed up my network.

with best regards,

- Mero

The trunk should definitely be running at full duplex. Right now your switch port Fa0/2 says "full" and your ASA interface Gi0/1 says "half". They should both be "full". Autonegotiation should take care of that but for whatever reason it is not.

So, on each device go into interface-config and set "duplex full" for those affected interfaces.

Dear Mr. Marvin,

Thanks for your kind support.

I tried to make the affected interfaces to duplex full, in one interface it works well but when I tried to change the duplex full of my network, it fails and hangs out. Do, I have to give the command from console or from another network.

The switch port interface maximum speed is 100 mbps and asa speed is 1000 mbps, do I have to set the ASA interface speed to 100 mbps or not ?

With best regards,

Mero

Dear Mr. Marvin,

I configure the duplex mode to full on the interfaces of switch, no problem seen. After that, I configure the duplex mode to full on the ASA interfaces. The first one gives no problem, works well. But, when I configure the duplex mode to full of my network (ASA port) the whole network breaks down. What would be the problem ? Why the network breaks ? Do I have to configre from another network or do I have to configure from console port ?

Please help.

With best regards,

Mero