Dropped 2000 VLAN untagged packets on pix

Unanswered Question
Mar 15th, 2008
User Badges:

When i do show interface on PIX 515E having version 7.0.2 i see the following out put

Received 40000 VLAN untagged packets

Forward 70000 VLAN untagged packets

Dropped 3000 VLAN untagged packets

Can any tell me which kind of drop this is?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
mostwantedtop10 Sun, 03/16/2008 - 12:28
User Badges:

Hello i already see the above links but information is useless, it just inform the same what is in output.

firewall interface is connected to 2970 switch and switch port is an access port, there is no vlan configured on firewall port.

ask me what other information you need

padramas Sun, 03/16/2008 - 14:37
User Badges:
  • Cisco Employee,

Please provide output of

"show interface " from the 2970 switch and "show interface" from pix

padramas Mon, 03/17/2008 - 21:13
User Badges:
  • Cisco Employee,

Hello Muhammad,

Compared the bytes transmitted and received by both interfaces.It seems that description is dropped vlan packets is not indicative of correct packet drops as stated by following cosmetic bug


Dropped VLAN untagged packet

To observe where actually packets gets dropped use the command ""show asp drop""



mostwantedtop10 Tue, 03/18/2008 - 13:29
User Badges:

Find the attached files, actually i am getting connection time out, some times not usually, my web server is on inside and it try to connect with a DB at outside 90% is success rate and 10% is failure ip address is as following


PG destination port is 2443

see the syslog file

padramas Tue, 03/18/2008 - 14:57
User Badges:
  • Cisco Employee,


The connection is established from outisde to this IP address on various ports and sometimes it Resets the connection request immediately whereas in some instances the application

closes the connection by sending FIN after few minutes.

The set of messages are well explained in the following link


show asp drop


There can be many reasons for the tcp packet drops.You can start with application configuration on and who is initiating the connection.

Depending upon the observed time-frame and traffic pattern,this can be totally normal.


This Discussion