03-29-2007 05:58 PM - edited 03-11-2019 02:53 AM
Hi everyone,
My client has an switch 6509 with nearly 20 Vlans routed in MSFC. I put an FWSM to separate all the VLANs and put an access-list to permit ip any any in the interfaces.
Almost everything works right, except one problem in between the IPCC and the CAD Agent.
I can see some packets are dropped in the interfaces
For example,
Interface Vlan2 "SERVIDORES", is up, line protocol is up
MAC address 0018.7474.2280, MTU 1500
IP address X.X.X.X, subnet mask 255.255.255.0
Traffic Statistics for "SERVIDORES":
473436062 packets input, 617714037302 bytes
192611712 packets output, 57413127227 bytes
128775 packets dropped
I?d like if there is an way to see what packets are dropped in the interfaces and send this information to a syslog server for example,
Thanks in Advanced
Andre Lomonaco
Solved! Go to Solution.
04-02-2007 06:56 PM
Unfortunately, it doesn't look like we document this well on cisco.com I've filed bug CSCsi35389 to address this. The Release-note will be available via bug toolkit tomorrow. In the mean time, I'll include the Release-note below for your reference.
Sincerely,
David.
########################################
The Command Reference for the "show interface" command describes what all the counters in the "show interface" output mean. However, the meaning of the "dropped" counter is incorrect.
On the FWSM, the dropped counter will increment when the FWSM receives a packet that is not destined for it (the Destination MAC address in the packet is not the FWSM's MAC address). This can happen when the switch floods packets because of CAM table misses. Additionally, the counter will be incremented for CDP and VTP packets (as the FWSM does not support these protocols), and other multicast packets (assuming multicast is not configured on the FWSM). Also, IP broadcast packets will be counted here.
03-29-2007 07:27 PM
The 'dropped' counter there isn't anything to worry about. They are packets that the switch forwarded to the FWSM, that are not destined to the FWSM.
You are taking the correct troubleshooting approach however. First check the syslogs to see if you see the connection built and teardown messages. Also, you can check the conn table (show conn) to see the state of the connection once it has been attempted.
David.
04-02-2007 04:49 PM
Hi David, I have the exact same observation in my customer's network. Do you know any reference on cisco.com to support your first paragraph? Thanks.
04-02-2007 06:56 PM
Unfortunately, it doesn't look like we document this well on cisco.com I've filed bug CSCsi35389 to address this. The Release-note will be available via bug toolkit tomorrow. In the mean time, I'll include the Release-note below for your reference.
Sincerely,
David.
########################################
The Command Reference for the "show interface" command describes what all the counters in the "show interface" output mean. However, the meaning of the "dropped" counter is incorrect.
On the FWSM, the dropped counter will increment when the FWSM receives a packet that is not destined for it (the Destination MAC address in the packet is not the FWSM's MAC address). This can happen when the switch floods packets because of CAM table misses. Additionally, the counter will be incremented for CDP and VTP packets (as the FWSM does not support these protocols), and other multicast packets (assuming multicast is not configured on the FWSM). Also, IP broadcast packets will be counted here.
04-02-2007 09:46 PM
Thanks David! your reply is very helpful.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide