
FWSM Dropped Packet

lomonaco
Level 1

Hi everyone,

My client has a switch 6509 with nearly 20 VLANs routed in MSFC. I put an FWSM to separate all the VLANs and put an access-list to permit ip any any in the interfaces.

Almost everything works right, except one problem in between the IPCC and the CAD Agent.

I can see some packets are dropped in the interfaces.

For example,

Interface Vlan2 "SERVIDORES", is up, line protocol is up

MAC address 0018.7474.2280, MTU 1500

IP address X.X.X.X, subnet mask 255.255.255.0

Traffic Statistics for "SERVIDORES":

473436062 packets input, 617714037302 bytes

192611712 packets output, 57413127227 bytes

128775 packets dropped

I'd like to know if there is a way to see what packets are dropped in the interfaces and send this information to a syslog server, for example.

Thanks in advance

Andre Lomonaco


David White
Cisco Employee

The 'dropped' counter there isn't anything to worry about. They are packets that the switch forwarded to the FWSM, that are not destined to the FWSM.

You are taking the correct troubleshooting approach however. First check the syslogs to see if you see the connection built and teardown messages. Also, you can check the conn table (show conn) to see the state of the connection once it has been attempted.

David.

Hi David, I have the exact same observation in my customer's network. Do you know any reference on cisco.com to support your first paragraph? Thanks.

Unfortunately, it doesn't look like we document this well on cisco.com. I've filed bug CSCsi35389 to address this. The Release-note will be available via bug toolkit tomorrow. In the meantime, I'll include the Release-note below for your reference.

Sincerely,

David.

########################################

The Command Reference for the "show interface" command describes what all the counters in the "show interface" output mean. However, the meaning of the "dropped" counter is incorrect.

On the FWSM, the dropped counter will increment when the FWSM receives a packet that is not destined for it (the Destination MAC address in the packet is not the FWSM's MAC address). This can happen when the switch floods packets because of CAM table misses. Additionally, the counter will be incremented for CDP and VTP packets (as the FWSM does not support these protocols), and other multicast packets (assuming multicast is not configured on the FWSM). Also, IP broadcast packets will be counted here.
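Added example (not part of the thread or of Cisco's release note): a Python sketch that sorts Ethernet frames, such as those taken from a SPAN capture of the FWSM VLAN, into the categories the release note says increment the "dropped" counter. The sample frames are constructed, the CDP/VTP SNAP protocol IDs are the standard Cisco values rather than values from this page, and leaving ARP broadcasts unclassified is an assumption, since the note lists only IP broadcasts.

```python
from collections import Counter

FWSM_MAC = bytes.fromhex("001874742280")     # MAC from the "show interface" output in the question
CISCO_MCAST = bytes.fromhex("01000ccccccc")  # destination MAC shared by CDP and VTP
CISCO_SNAP = bytes.fromhex("aaaa0300000c")   # LLC AA AA 03 + Cisco OUI 00 00 0C
SNAP_PIDS = {0x2000: "CDP", 0x2003: "VTP"}   # SNAP protocol IDs (assumed standard values)
BROADCAST = b"\xff" * 6


def drop_reason(frame: bytes, fwsm_mac: bytes = FWSM_MAC):
    """Return the release-note category this frame falls in, or None."""
    if len(frame) < 14:
        return None  # too short to carry an Ethernet header; not classified
    dst = frame[0:6]
    type_len = int.from_bytes(frame[12:14], "big")
    if dst == CISCO_MCAST and type_len <= 1500 and frame[14:20] == CISCO_SNAP:
        pid = int.from_bytes(frame[20:22], "big")
        return SNAP_PIDS.get(pid, "other multicast")
    if dst == BROADCAST:
        # Only IP broadcasts are listed in the note; ARP etc. are left unclassified.
        return "IP broadcast" if type_len == 0x0800 else None
    if dst[0] & 0x01:  # group bit set: multicast (assumes no multicast config on the FWSM)
        return "other multicast"
    if dst != fwsm_mac:
        return "flooded unicast (not FWSM MAC)"
    return None  # unicast to the FWSM itself: handled by the firewall


def tally(frames):
    """Count frames per category, ignoring frames the note does not cover."""
    return Counter(r for r in map(drop_reason, frames) if r)


def eth(dst_hex, type_len, payload=b""):
    """Build a constructed sample frame; source MAC is from the documentation range."""
    src = bytes.fromhex("00005e005301")
    return bytes.fromhex(dst_hex) + src + type_len.to_bytes(2, "big") + payload


SAMPLE_FRAMES = [  # constructed samples, not captured traffic
    eth("001874742280", 0x0800),                                     # to the FWSM
    eth("00005e0053aa", 0x0800),                                     # flooded unicast
    eth("ffffffffffff", 0x0800),                                     # IP broadcast
    eth("ffffffffffff", 0x0806),                                     # ARP broadcast
    eth("01005e000005", 0x0800),                                     # IP multicast
    eth("01000ccccccc", 0x0020, bytes.fromhex("aaaa0300000c2000")),  # CDP
    eth("01000ccccccc", 0x0020, bytes.fromhex("aaaa0300000c2003")),  # VTP
]

if __name__ == "__main__":
    print(tally(SAMPLE_FRAMES))
```
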

Thanks David! Your reply is very helpful.
