04-08-2016 12:05 PM - edited 03-08-2019 05:17 AM
Hi,
Very recently we have migrated our firewall 5505 with 5506x. We did this migration in 5 location. After the migration we are observing packet drop between our switch and firewall. For 1000 packet, 3 packets are getting dropped every time. Checked the interface counter which are clean. This problem is in all 5 locations. We observe more drop when we have more people connected on the network.
I have this problem in inside as well as in the outside interface also. What could be the issue ? what else i can check ?
Switch(2960x)--inside--->ASA 5506x--outside-->C3560(L2)---->Internet
10.10.10.2---------->(10.10.10.1)
GigabitEthernet1/1 "inside", is up, line protocol is up
Hardware is Accelerator rev01, BW 1000 Mbps, DLY 10 usec
Auto-Duplex(Full-duplex), Auto-Speed(100 Mbps)
Input flow control is unsupported, output flow control is off
MAC address ebcd.efac.11dt, MTU 1500
IP address 10.10.10.1, subnet mask 255.255.255.248
8472733 packets input, 2442001975 bytes, 0 no buffer
Received 27 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 pause input, 0 resume input
0 L2 decode drops
10505717 packets output, 7441495411 bytes, 0 underruns
0 pause output, 0 resume output
0 output errors, 0 collisions, 0 interface resets
0 late collisions, 0 deferred
0 input reset drops, 0 output reset drops
input queue (blocks free curr/low): hardware (896/860)
output queue (blocks free curr/low): hardware (1023/943)
Traffic Statistics for "inside":
8131579 packets input, 2177987768 bytes
10129070 packets output, 7178898991 bytes
48146 packets dropped
1 minute input rate 194 pkts/sec, 67507 bytes/sec
1 minute output rate 280 pkts/sec, 43681 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 121 pkts/sec, 35353 bytes/sec
5 minute output rate 178 pkts/sec, 31459 bytes/sec
5 minute drop rate, 0 pkts/sec
04-08-2016 12:51 PM
Hi,
Have you looked at the logs on the firewalls for any duplex/speed issue or other notifications?
You may want to open a ticket with TAC since you have the same issue on all devices and they are new and under service contract.
HTH
04-08-2016 02:13 PM
Checked the firewall interface and switch interface. No such logs. I am working with TAC now. Thank you!!!
04-14-2016 12:55 PM
TAC Confirmed a BUG CSCut63740 for this issue. Upgrade of ASA firmware resolved the issue.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide