ASA 5520 Interface Traffic Statistics

terralinx · ‎08-21-2007

I'm new to the ASA 5520 and have a question about the Traffic Statistics on a "show interface" command.

Does the number of "packets dropped" represent bad packets or the number of packets dropped by an ACL, etc.

Our users are complaining of "slow VPN access" and I see a high number of CRC errors and "packets dropped". Here's a snap shot:

2013243242 packets input, 275331095752 bytes, 0 no buffer

Received 487940 broadcasts, 0 runts, 0 giants

0 input errors, 3681703 CRC, 0 frame, 0 overrun, 3681703 ignored, 0 abort

0 L2 decode drops

2375255631 packets output, 1593597931121 bytes, 0 underruns

0 output errors, 0 collisions

0 late collisions, 0 deferred

input queue (curr/max blocks): hardware (0/0) software (0/0)

output queue (curr/max blocks): hardware (0/144) software (0/0)

Traffic Statistics for "outside":

2013227001 packets input, 233244327480 bytes

2375255631 packets output, 1549298242615 bytes

44195597 packets dropped

1 minute input rate 145 pkts/sec, 31449 bytes/sec

1 minute output rate 185 pkts/sec, 160819 bytes/sec

1 minute drop rate, 1 pkts/sec

5 minute input rate 172 pkts/sec, 37009 bytes/sec

5 minute output rate 231 pkts/sec, 196303 bytes/sec

5 minute drop rate, 2 pkts/sec

Thanks for your help!!

msdesai · ‎08-21-2007

Hi

Dropped packets under interface outside are due to a packet not destined to ASA is received (such as broadcasts, switch flooding packets for an unknown destination etc) or traffic denied by ACL.

CRC errors are usually the result of collision or a station transmitting bad data. (Since users are complaining about slow vpn access)

You might want to check cable as well as speed/duplex setting on ASA and Switch port to make sure both are running at same speed/duplex setting.

HTH

MD