switch ingress policy drops

Unanswered Question
Aug 7th, 2009

I am seeing a lot of drops on the interface connected to the inside network. The sh int command reveals a lot of "switch ingress policy drops". What causes it and can it be fixed?

The ASA 5505 is running ver 7.24

rgds,

Yudong Wu Fri, 08/07/2009 - 11:47

Are users reporting any performance issues?

If not, check the following bug.

CSCsz33819 "switch ingress policy drops" are corrupted every 65535 packets

Tshi M Wed, 08/12/2009 - 04:00

No, users are not reporting any performance issues. I recently upgraded its software to release 8.0(4), released August 10 2008, but that did not seem to resolve the problem.

Tshi M Wed, 08/12/2009 - 06:52

Thanks much for the quick reply. None of the mentioned applied to my situation. Please see below:

ASA5505

interface Vlan50
 nameif inside
 security-level 100
 ip address 10.64.50.15 255.255.255.0
!
interface Ethernet0/1
 description Uplink to gig0/40 on Core
 switchport access vlan 50
 speed 100
 duplex full

Switch

interface Vlan50
 ip address 10.64.50.254 255.255.255.0
!
interface GigabitEthernet0/40
 description to e1 on IF1
 switchport access vlan 50
 switchport mode access
 load-interval 30
 speed 100
 duplex full

=========================================

Regards,

Yudong Wu Wed, 08/12/2009 - 06:59

You'd better sniff the packets on the switch port via SPAN to see what kind of packets are being sent to the ASA.

Tshi M Thu, 08/13/2009 - 06:16

I couldn't find anything there either. I checked other forums and found quite a number of folks reporting this issue with the ASA5505, which leads me to believe it is a problem with the hardware software and nothing else. It would be great to know when this is fixed.

Yudong Wu Thu, 08/13/2009 - 07:31

Not sure if you have verified this -- ethernet keepalive.

1. Change the keepalive to 20 sec on the switch port.

2. On the ASA, check "show controller ethernet x/y | i Filtered" to see if the ingress filtered number is incrementing at the same rate as the keepalive.

Anyway, if it won't impact the traffic, it should be OK. I did not find any new bug regarding this so far.
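
Added example (not part of the thread, and not Cisco code): a small Python check for the keepalive test suggested above. It takes "Filtered" counter readings noted by hand from the ASA, with timestamps in seconds, and compares their growth with one filtered frame per keepalive interval; that one-frame-per-interval figure, the function name, the tolerance and the sample readings are assumptions constructed for illustration.

```python
from dataclasses import dataclass


@dataclass
class Verdict:
    observed_per_s: float  # average counter growth per second
    expected_per_s: float  # assumed: one keepalive frame per interval
    excess_per_s: float    # growth not explained by keepalives
    matches: bool


def compare_to_keepalive(samples, keepalive_s, tolerance=0.25):
    """samples: [(seconds, counter_value), ...] read off the ASA by hand.

    Intervals where the counter goes backwards (cleared or corrupted
    counter) are skipped rather than guessed at.
    """
    if keepalive_s <= 0:
        raise ValueError("keepalive_s must be positive")
    samples = sorted(samples)
    elapsed = 0.0
    growth = 0
    for (t0, c0), (t1, c1) in zip(samples, samples[1:]):
        if t1 <= t0 or c1 < c0:
            continue  # unusable interval, do not count it
        elapsed += t1 - t0
        growth += c1 - c0
    if elapsed == 0:
        raise ValueError("need at least two usable samples")
    observed = growth / elapsed
    expected = 1.0 / keepalive_s
    matches = abs(observed - expected) <= tolerance * expected
    return Verdict(observed, expected, max(0.0, observed - expected), matches)


# Constructed readings, one per minute, with the switch keepalive at 20 sec.
KEEPALIVE_ONLY = [(0, 1200), (60, 1203), (120, 1206), (180, 1209)]
OTHER_TRAFFIC = [(0, 1200), (60, 1290), (120, 1385), (180, 1472)]
WITH_RESET = [(0, 65530), (60, 65533), (120, 1), (180, 4)]

if __name__ == "__main__":
    for name, data in [("keepalive only", KEEPALIVE_ONLY),
                       ("other traffic", OTHER_TRAFFIC),
                       ("with reset", WITH_RESET)]:
        print(name, compare_to_keepalive(data, keepalive_s=20))
```

If `matches` is false and `excess_per_s` is large, the keepalive does not account for the drops and the SPAN capture suggested earlier in the thread is the next place to look.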
