No, users are not reporting any performance issues. I recently upgraded its software to release 8.0(4) release August 10 2008 but that did not seem to resolve the problem.

In that case, you can refer to "Table 26-13 show interface for Switch Interfaces Fields" in the link below to see which drop reason could be applied in your case.

http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/s3.html#wp1427809

Thanks much for the quick reply. None of the mentioned applied to my situation. Please see below:

ASA5505

interface Vlan50

nameif inside

security-level 100

ip address 10.64.50.15 255.255.255.0

!

interface Ethernet0/1

description Uplink to gig0/40 on Core

switchport access vlan 50

speed 100

duplex full

Switch

interface Vlan50

ip address 10.64.50.254 255.255.255.0

!

interface GigabitEthernet0/40

description to e1 on IF1

switchport access vlan 50

switchport mode access

load-interval 30

speed 100

duplex full

=========================================

Regards,

You'd better to sniffer the packet on switch port via SPAN to see what kind of packets are sending to ASA.

I couldn't find anything there either. I checked other forums and find out quite of number folks reporting this issue with the ASA5505 which lead to me believe it is a problem with the hardware software and nothing else. It would be great to know when this is fixed.

Not sure if you have verified this -- ethernet keepalive.

1. change keepalive to 20 sec on switch port.

2. on ASA check "show controller ethernet x/y | i Filtered" to see if the ingress filtered number is incrementing in the same speed as keepalive.

Anyway, if it won't impact the traffic, it should be OK. I did not find any new bug regarding to this so far.