ASA - packets dropped

Unanswered Question

Hi, I have an Cisco ASA-5510 that have a lot of packet dropped in a sub interface of outside physical interface. Why do this? Is a queue-limit issue?

show interface DMZ_TN

Interface GigabitEthernet0/2.14 "DMZ_TN", is up, line protocol is up

Hardware is i82546GB rev03, BW 1000 Mbps, DLY 10 usec

VLAN identifier 14

Description: TN_DC_IPLAN

MAC address 001b.d454.d748, MTU 1500

IP address 10.255.254.25, subnet mask 255.255.255.248

Traffic Statistics for "DMZ_TN":

474449896 packets input, 72933751716 bytes

468169696 packets output, 47492362184 bytes

1509612 packets dropped

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
robertson.michael Mon, 06/29/2009 - 06:15

Hi Federico,

This drop counter increments when a packet is dropped in the accelerated security path (ASP). This can be caused by anything from a bad packet to a configured ACL.

The output of 'show asp drop' will list counters for all of the reasons why a packet was dropped (since they were last cleared).

'show asp drop':

http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/s2.html#wp1351326

'show interface':

http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/s3.html#wp1427809

Hope that helps.

-Mike

Actions

This Discussion