CRC and Undersize errors

edisonguerrero · ‎06-15-2015

Hello community ... I have the following problem.

I have a Switch 2960 connected to 2 firewalls which are in failover (Active/Standby Ready). So the switch’s port gi0/1 and gi0/2 goes to port gi0/3 of both firewalls respectively. The last week I lost the management of the switch. When I checked locally on the switch, I found that the interface connected to the Active Firewall had CRC errors (port gi0/2). I replaced the cable and change the port to gi0/43. When I did the change, the ping against the sw was ok and CRC errors did not continue, so I concluded the problem was the cable.

The past weekend the scheduled failover over the FW was done. One day later the problem was presented again. But this time, because I was not physically close to switch, I did a shutdown – no shutdown on the gi0/3 Firewall port and the switch's management was recovered. When I check the switch, there were CRC errors again, but this time on both interfaces connected to the firewalls (gi0/1 and gi0/43).

I checked again several times the interfaces and the CRC errors were not increasing anymore. But when I used the show interface counter errors command, I note that Undersize errors are increasing quickly in these interfaces. According to the documentation, this error is caused because “The frames received are smaller than the minimum IEEE 802.3 frame size of 64 bytes” and the recomendation: "Check the device that sends out these frames.".

I checked the interface of the firewall and it has the next info:

Received 787646015 broadcasts, 0 runts, 0 giants
516721 input errors, 0 CRC, 0 frame, 516721 overrun, 0 ignored, 0 abort, 0 pause input, 0 resume input
0 L2 decode drops
70381183893 packets output, 29008467919863 bytes, 2317 underruns, 0 pause output, 0 resume output
0 output errors, 0 collisions, 17 interface resets, 0 late collisions, 0 deferred
0 input reset drops, 53 output reset drops, 11 tx hangs
input queue (blocks free curr/low): hardware (255/230)
output queue (blocks free curr/low): hardware (255/153)

It shows errors in the interface, but they are not increasing. So at this point, I dont know what could be the problem, the cable, the switch, the firewall. Any help on this will be greatful.

Thanks

Mark Malone · ‎06-16-2015

Have a look at this below your inputs and overruns were incrementing together which is a sign of too much traffic or burst traffic coming in

http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/115985-asa-overrun-product-tech-note-00.html#sthash.8ftBNjYa.dpuf

underuns can be from over subscription as well

see this bug also in case your on that version

https://tools.cisco.com/bugsearch/bug/CSCso66911

edisonguerrero · ‎07-01-2015

Hi Mark, thanks for your answer,

These Overruns errors on the firewall might cause CRC errors on the switch interface?

When I checked the switch, it had CRC erros on the interface connected to the firewall and the CRC was increasing. I changed the cable and port of the switch connected to the firewall and cleared the counters on the interfaces of both devices, and no CRC errors appeared along the day. But two or three days later, the problem appeared again: There were CRC errors on the new interface of the switch connected to the firewall.

Mark Malone · ‎07-02-2015

I would not have thought it would cause crcs on the switch side as the switch sends the packet so the asa does the check to make sure that no data is lost , however im not 100% on that they would not be seen on the switch side due the amount of errors on the asa side , are they still increasing on the asa side no matter which firewall is active ? , what exactly are you seeing on the switch side is it just crcs on there own , is there inputs as well , whats the tx/rx running at on average , have you tried hardcoding the duplex/speed on each side