As the title says, a switch is receiving pause frames, but the ASA is still getting overrun errors. We have played with the settings for flowcontrol, but nothing seems to stop these errors. I have performed troubleshooting as per this document:
https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/115985-asa-overrun-product-tech-note-00.html#anc6
There does not seem to be any significant resource hogs, Is there a misconfiguration on one of the devices? I am trying to find out what will fix the overrun issue. What else should I try?
Console output of the two connected interfaces:
*ASA 5525x* - Version ASA 9.4(2)11
ASA1# sho int gi 0/1
Interface GigabitEthernet0/1 "Inside", is up, line protocol is up
Hardware is i82574L rev00, BW 1000 Mbps, DLY 10 usec
Auto-Duplex(Full-duplex), Auto-Speed(1000 Mbps)
Input flow control is unsupported, output flow control is on
MAC address 0078.8847.87f3, MTU 1500
IP address 10.75.251.2, subnet mask 255.255.255.0
96959814285 packets input, 20072810163568 bytes, 0 no buffer
Received 279155 broadcasts, 0 runts, 0 giants
3967982 input errors, 0 CRC, 0 frame, 3967982 overrun, 0 ignored, 0 abort
0 pause input, 0 resume input
0 L2 decode drops
195761529692 packets output, 228626395757828 bytes, 424459 underruns
1611 pause output, 339 resume output
0 output errors, 0 collisions, 20 interface resets
0 late collisions, 0 deferred
511 input reset drops, 79 output reset drops
input queue (blocks free curr/low): hardware (496/362)
output queue (blocks free curr/low): hardware (468/0)
Traffic Statistics for "Inside":
96955623491 packets input, 18217124488226 bytes
195761954647 packets output, 225071328596014 bytes
168532556 packets dropped
1 minute input rate 18647 pkts/sec, 3674933 bytes/sec
1 minute output rate 39880 pkts/sec, 45959787 bytes/sec
1 minute drop rate, 39 pkts/sec
5 minute input rate 17684 pkts/sec, 3429228 bytes/sec
5 minute output rate 46221 pkts/sec, 54987848 bytes/sec
5 minute drop rate, 32 pkts/sec
ASA1# sho run int gi 0/1
!
interface GigabitEthernet0/1
flowcontrol send on 16 20 26624
nameif Inside
security-level 100
ip address 10.75.251.2 255.255.255.0
ASA1#
*C6824-X-LE-40G* - Version 15.2(02)SY [Rel 1.0]
C6824#sho int te 1/1/24
TenGigabitEthernet1/1/24 is up, line protocol is up (connected)
Hardware is C6k 10000Mb 802.3, address is 706b.b99a.b988 (bia 706b.b99a.b988)
Description: TO_ASA
MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
reliability 255/255, txload 7/255, rxload 99/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 1000Mb/s, media type is 10/100/1000BaseT
input flow-control is on, output flow-control is off
Clock mode is auto
ARP type: ARPA, ARP Timeout 04:00:00
Last input never, output never, output hang never
Last clearing of "show interface" counters never
Input queue: 0/2000/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 390797000 bits/sec, 41416 packets/sec
5 minute output rate 30701000 bits/sec, 17646 packets/sec
134005935676 packets input, 154259099562516 bytes, 0 no buffer
Received 412337 broadcasts (409808 multicasts)
1 runts, 0 giants, 0 throttles
1 input errors, 1 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 0 multicast, 1950 pause input
0 input packets with dribble condition detected
64911682697 packets output, 16586145887747 bytes, 0 underruns
0 output errors, 0 collisions, 3 interface resets
0 unknown protocol drops
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 pause output
0 output buffer failures, 0 output buffers swapped out
C6824#sho run int te 1/1/24
Building configuration...
Current configuration : 191 bytes
!
interface TenGigabitEthernet1/1/24
description TO_ASA
switchport
switchport mode access
switchport access vlan 998
flowcontrol receive on
spanning-tree portfast edge
end
C6824#
