ASA - packets dropped

Unanswered Question

Hi, I have an Cisco ASA-5510 that have a lot of packet dropped in a sub interface of outside physical interface. Why do this? Is a queue-limit issue?

show interface DMZ_TN

Interface GigabitEthernet0/2.14 "DMZ_TN", is up, line protocol is up

Hardware is i82546GB rev03, BW 1000 Mbps, DLY 10 usec

VLAN identifier 14

Description: TN_DC_IPLAN

MAC address 001b.d454.d748, MTU 1500

IP address, subnet mask

Traffic Statistics for "DMZ_TN":

474449896 packets input, 72933751716 bytes

468169696 packets output, 47492362184 bytes

1509612 packets dropped

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
robertson.michael Mon, 06/29/2009 - 06:15
User Badges:
  • Silver, 250 points or more

Hi Federico,

This drop counter increments when a packet is dropped in the accelerated security path (ASP). This can be caused by anything from a bad packet to a configured ACL.

The output of 'show asp drop' will list counters for all of the reasons why a packet was dropped (since they were last cleared).

'show asp drop':

'show interface':

Hope that helps.



This Discussion