Errors on port-channel on cisco ASA 5506

Dear all,

I have a problem on the port-channel interface of my Cisco ASA 5506. I have no error on the 2 physical interfaces.

ASA 5506 => Po1 => Gi1/1 to core switch
                             => Gi1/2 to core switch 
                 => Gi1/3 = GUEST to another network
                
Interfaces on Cisco ASA 5506 :
interface Port-channel1
 description SR3548 vPC13
 lacp max-bundle 8
 nameif LAN
 security-level 100
 ip address 10.99.29.161 255.255.255.240

FW5506-01# show port-channel 1
Span-cluster port-channel: No
Ports: 2   Maxports = 32
Port-channels: 1 Max Port-channels = 48
Protocol: LACP/ active
Minimum Links: 1
Maximum Bundle: 8
Load balance: src-dst-ip

Interface Port-channel1 "LAN", is up, line protocol is up
  Hardware is EtherChannel/LACP, BW 2000 Mbps, DLY 10 usec
        Auto-Duplex(Full-duplex), 1000 Mbps(1000 Mbps)
        Input flow control is unsupported, output flow control is off
        Description: SR3548 vPC13
        MAC address a46c.2a99.f9ac, MTU 1500
        IP address 10.99.29.161, subnet mask 255.255.255.240
  Traffic Statistics for "LAN":
        40526665 packets input, 3271217428 bytes
        32843572 packets output, 12355293991 bytes
        1891643 packets dropped
      1 minute input rate 49 pkts/sec,  3906 bytes/sec
      1 minute output rate 41 pkts/sec,  14162 bytes/sec
      1 minute drop rate, 2 pkts/sec
      5 minute input rate 45 pkts/sec,  3636 bytes/sec
      5 minute output rate 36 pkts/sec,  13628 bytes/sec
      5 minute drop rate, 2 pkts/sec
  Members in this channel:
      Active:   Gi1/1 Gi1/2

      
Interface GigabitEthernet1/1 "", is up, line protocol is up
  Hardware is Accelerator rev01, BW 1000 Mbps, DLY 10 usec
        Auto-Duplex(Full-duplex), 1000 Mbps(1000 Mbps)
        Input flow control is unsupported, output flow control is off
        Description: SR3548-01 Eth1/13
        Active member of Port-channel1
        MAC address a46c.2a99.f9ac, MTU 1500
        IP address unassigned
        45854494 packets input, 3856705876 bytes, 6757768 no buffer
        Received 5 broadcasts, 0 runts, 0 giants
        0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
        0 pause input, 0 resume input
        0 L2 decode drops
        2830829 packets output, 1403672918089097 bytes, 0 underruns
        0 pause output, 0 resume output
        0 output errors, 0 collisions, 0 interface resets
        0 late collisions, 0 deferred
        0 input reset drops, 0 output reset drops
        input queue (blocks free curr/low): hardware (929/873)
        output queue (blocks free curr/low): hardware (1023/1009)

        Interface GigabitEthernet1/2 "", is up, line protocol is up
  Hardware is Accelerator rev01, BW 1000 Mbps, DLY 10 usec
        Auto-Duplex(Full-duplex), 1000 Mbps(1000 Mbps)
        Input flow control is unsupported, output flow control is off
        Description: SR3548-02 Eth1/13
        Active member of Port-channel1
        MAC address a46c.2a99.f9ad, MTU 1500
        IP address unassigned
        8317440 packets input, 161926699 bytes, 6827898 no buffer
        Received 4 broadcasts, 0 runts, 0 giants
        0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
        0 pause input, 0 resume input
        0 L2 decode drops
        30076475 packets output, 29132951497328700 bytes, 0 underruns
        0 pause output, 0 resume output
        0 output errors, 0 collisions, 0 interface resets
        0 late collisions, 0 deferred
        0 input reset drops, 0 output reset drops
        input queue (blocks free curr/low): hardware (1000/893)
        output queue (blocks free curr/low): hardware (1023/963)

Interface GigabitEthernet1/3 "GUEST", is up, line protocol is up
  Hardware is Accelerator rev01, BW 1000 Mbps, DLY 10 usec
        Auto-Duplex(Full-duplex), Auto-Speed(1000 Mbps)
        Input flow control is unsupported, output flow control is off
        Description: SW2960-01 Gi1/0/1
        MAC address a46c.2a99.f9ae, MTU 1500
        IP address 172.16.100.254, subnet mask 255.255.255.240
        1313927589 packets input, 266036497 bytes, 1312320705 no buffer
        Received 11433 broadcasts, 0 runts, 0 giants
        0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
        0 pause input, 0 resume input
        0 L2 decode drops
        1193931 packets output, 352723800044307 bytes, 0 underruns
        0 pause output, 0 resume output
        0 output errors, 0 collisions, 0 interface resets
        0 late collisions, 0 deferred
        0 input reset drops, 0 output reset drops
        input queue (blocks free curr/low): hardware (896/853)
        output queue (blocks free curr/low): hardware (1023/964)
  Traffic Statistics for "GUEST":
        1577149 packets input, 230525904 bytes
        1193931 packets output, 127335594 bytes
        484966 packets dropped
      1 minute input rate 1 pkts/sec,  214 bytes/sec
      1 minute output rate 1 pkts/sec,  115 bytes/sec
      1 minute drop rate, 0 pkts/sec
      5 minute input rate 1 pkts/sec,  162 bytes/sec
      5 minute output rate 0 pkts/sec,  102 bytes/sec
      5 minute drop rate, 0 pkts/sec

FW5506-01# sh asp drop
Frame drop:
  No valid adjacency (no-adjacency)                                            1
  Flow is denied by configured rule (acl-drop)                            733226 => these values are incremented
  First TCP packet not SYN (tcp-not-syn)                                     575
  TCP failed 3 way handshake (tcp-3whs-failed)                                 1
  TCP RST/FIN out of order (tcp-rstfin-ooo)                                   14
  CTM returned error (ctm-error)                                              36
  Slowpath security checks failed (sp-security-failed)                      2638
  FP L2 rule drop (l2_acl)                                               1807380 => these values are incremented
  Interface is down (interface-down)                                           4
  Dropped pending packets in a closed socket (np-socket-closed)               28

Last clearing: Never

Flow drop:
  SSL handshake failed (ssl-handshake-failed)                                 39

      
      
CORE switch - vPC (2 x 3548 switches) => no errors

On each 3845 :
interface Ethernet1/13
  speed 1000
  description FW5506-ATH-DC-01 Gi1/1
  switchport access vlan 903
  spanning-tree port type normal
  storm-control broadcast level 5.00
  channel-group 13 mode active
  no shutdown

On first core switch :

SR3548-01# sh int eth1/13
Ethernet1/13 is up
 Dedicated Interface
  Belongs to Po13
  Hardware: 100/1000/10000/40000 Ethernet, address: 5897.bd0d.ed14 (bia 5897.bd0d.ed14)
  Description: FW5506-01 Gi1/1
  MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec
  reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA
  Port mode is access
  full-duplex, 1000 Mb/s, media type is 1G
  Beacon is turned off
  Input flow-control is off, output flow-control is off
  Rate mode is dedicated
  Switchport monitor is off
  EtherType is 0x8100
  Last link flapped 1week(s) 3day(s)
  Last clearing of "show interface" counters 10w6d
  12 interface resets
  Load-Interval #1: 30 seconds
  30 seconds input rate 4088 bits/sec, 2 packets/sec
  30 seconds output rate 20488 bits/sec, 19 packets/sec
  Load-Interval #2: 5 minute (300 seconds)
    input rate 3.03 Kbps, 2 pps; output rate 28.95 Kbps, 42 pps
  RX
    94594582 unicast packets  239170 multicast packets  141 broadcast packets
    94833893 input packets  38952348556 bytes
    0 jumbo packets  0 storm suppression bytes
    0 runts  0 giants  0 CRC  0 no buffer
    0 input error  0 short frame  0 overrun   0 underrun  0 ignored
    0 watchdog  0 bad etype drop  0 bad proto drop  0 if down drop
    0 input with dribble  0 input discard
    0 Rx pause
  TX
    197729147 unicast packets  14 multicast packets  0 broadcast packets
    197729161 output packets  19104211566 bytes
    0 jumbo packets
    0 output errors  0 collision  0 deferred  0 late collision
    0 lost carrier  0 no carrier  0 babble 0 output discard
    0 Tx pause

On second core switch :

SR3548-02# sh int eth1/13
Ethernet1/13 is up
 Dedicated Interface
  Belongs to Po13
  Hardware: 100/1000/10000/40000 Ethernet, address: 5897.bd73.8a74 (bia 5897.bd73.8a74)
  Description: FW5506-01 Gi1/2
  MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec
  reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA
  Port mode is access
  full-duplex, 1000 Mb/s, media type is 1G
  Beacon is turned off
  Input flow-control is off, output flow-control is off
  Rate mode is dedicated
  Switchport monitor is off
  EtherType is 0x8100
  Last link flapped 1week(s) 3day(s)
  Last clearing of "show interface" counters 10w6d
  8 interface resets
  Load-Interval #1: 30 seconds
  30 seconds input rate 103200 bits/sec, 26 packets/sec
  30 seconds output rate 1544 bits/sec, 1 packets/sec
  Load-Interval #2: 5 minute (300 seconds)
    input rate 175.49 Kbps, 34 pps; output rate 1.05 Kbps, 0 pps
  RX
    68941914 unicast packets  239322 multicast packets  364 broadcast packets
    69181600 input packets  27519919374 bytes
    0 jumbo packets  0 storm suppression bytes
    0 runts  0 giants  0 CRC  0 no buffer
    0 input error  0 short frame  0 overrun   0 underrun  0 ignored
    0 watchdog  0 bad etype drop  0 bad proto drop  0 if down drop
    0 input with dribble  0 input discard
    0 Rx pause
  TX
    8751455 unicast packets  139 multicast packets  4 broadcast packets
    8751598 output packets  898151323 bytes
    0 jumbo packets
    0 output errors  0 collision  0 deferred  0 late collision
    0 lost carrier  0 no carrier  0 babble 0 output discard
    0 Tx pause

Why are there packet drops on the port-channel?

Best regards.

1 Accepted Solution

andrewswanson
Level 7

Hello

Packet drops on an ASA interface are expected - these drops include security/ACL-related drops. See the link below.

hth

Andy

http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/113680-pdc-show-output.html
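
Added example (not part of the original thread): because the answer attributes the interface drops to security/ACL drops, comparing two `show asp drop` captures shows which drop reasons are actually incrementing. The first capture reuses lines quoted in the question; the second capture and the function names are constructed for illustration.

```python
import re

# One counter line of "show asp drop": description, (reason-id), count; trailing notes ignored.
LINE_RE = re.compile(r"^\s*(?P<desc>.+?)\s+\((?P<reason>[\w-]+)\)\s+(?P<count>\d+)\b")

def parse_asp_drop(text):
    """Return {section: {reason: count}} for the Frame drop and Flow drop sections."""
    sections, current = {}, None
    for line in text.splitlines():
        stripped = line.strip()
        if stripped in ("Frame drop:", "Flow drop:"):
            current = stripped.rstrip(":")
            sections[current] = {}
            continue
        m = LINE_RE.match(line)
        if m and current is not None:
            sections[current][m.group("reason")] = int(m.group("count"))
    return sections

def drop_deltas(before, after):
    """List (section, reason, delta) for counters that grew, largest first."""
    grown = []
    for section, counters in after.items():
        for reason, count in counters.items():
            prev = before.get(section, {}).get(reason, 0)
            # A lower value means the counters were cleared between captures.
            delta = count - prev if count >= prev else count
            if delta > 0:
                grown.append((section, reason, delta))
    return sorted(grown, key=lambda item: item[2], reverse=True)

# First capture: lines quoted from the question, including the poster's "=>" notes.
SNAPSHOT_1 = """\
Frame drop:
  Flow is denied by configured rule (acl-drop)                            733226 => these values are incremented
  FP L2 rule drop (l2_acl)                                               1807380 => these values are incremented
Flow drop:
  SSL handshake failed (ssl-handshake-failed)                                 39
"""
# Second capture: constructed values for illustration, not from the thread.
SNAPSHOT_2 = """\
Frame drop:
  Flow is denied by configured rule (acl-drop)                            733346
  FP L2 rule drop (l2_acl)                                               1807980
Flow drop:
  SSL handshake failed (ssl-handshake-failed)                                 39
"""

print(drop_deltas(parse_asp_drop(SNAPSHOT_1), parse_asp_drop(SNAPSHOT_2)))
```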
