11-27-2010 01:41 PM - edited 03-11-2019 12:15 PM
Backplane of an ASA 5510 is a GB and the total throughput of an ASA 5510 is 300 MB.
The inside interface of an ASA 5510 is connected to a GB 3750 switch.
How can I increase the ASA 5510 throughput?
I am looking to increase the throughtput and performance of my ASA 5510 to support 1 GB. I want to make sure before I order a 4GE SSM. If I add a 4-Port Gigabit Ethernet Security Services Module (4GE SSM) I will get 1 GB throughput. Is my understanding correct?
-NG
11-27-2010 02:59 PM
No, with ASA 5510, you will only get a maximum throughput of 300Mbps.The 4-Port Gigabit Ethernet Security Services Module (4GE SSM) is to provide you with extra 4 gig ethernet ports, and has nothing to do with the maximum through of the appliance itself.
If you would like to get a maximum throughput of 1Gbps, then you would need to purchase ASA 5550.
Here is the ASA model comparison for your reference for throughput of up to 1Gbps:
http://www.cisco.com/en/US/products/ps6120/prod_models_comparison.html#~mid-range
For higher than 1 Gbps throughput, here are the models:
http://www.cisco.com/en/US/products/ps6120/prod_models_comparison.html#~high-end
Hope that helps.
11-27-2010 04:47 PM
Please, help me explain this a little bit .. ASA 5510 - inside interface speed is 10Mbps.
The problem is that we have this ASA 5510 inside interface connected to a Gigabit 3750 switchport.
We are seeing lot of packet drops on this Gigabit 3750 switchport and I am looking for all the possibilities.
Not sure if it makes sense as I am very new to Cisco ASAs.
-NG
11-27-2010 05:18 PM
Packet drops are normally due to speed or duplex mismatch between the ASA interface and the switch interface.
Check to make sure that the speed and duplex on that particular port matches between the ASA and the switch port.
11-27-2010 07:23 PM
NG,
If you do not need additional ports then, there is no reason to order an SSM 4GE card to get GIG speed.
On the ASA5510 as I mentioned in this link: https://supportforums.cisco.com/thread/2003543
GIG interface support for ASA5510 which was introduced with 7.2 code upgrade.
ASA 7.2 release notes:
http://www.cisco.com/en/US/docs/security/asa/asa72/release/notes/asarn723.html#wp272663
ASA 5510 Security Plus License Allows Gigabit Ethernet for Port 0 and 1
The ASA 5510 adaptive security appliance now has the security plus
license to enable GE (Gigabit Ethernet) for port 0 and 1. If you upgrade
the license from base to security plus, the capacity of the external
port Ethernet0/0 and Ethernet0/1 increases from the original FE (Fast
Ethernet) (100 Mbps) to GE (1000 Mbps). The interface names will remain
Ethernet 0/0 and Ethernet 0/1. Use the speed command to change the speed
on the interface and use the show interface command to see what speed is
currently configured for each interface.
Now, you mentioned that the ports are at 10 MB speed. Why is that?
Do you see this reduced speed when you issue "sh int e0/0" if so, the speed
duplex is not negotiated properly.
Make sure to hardcode both the ASA and the switch end of 100 FULL.
-KS
11-29-2010 05:02 PM
Thanks KS! Good to know this.
As I see on my ASA 5510
Ethernet0/0 - 1000 Mbps
Ethernet0/1 - 100 Mbps
Ethernet0/3 - 100 Mbps
Interface Ethernet0/0 "outside", is up, line protocol is up
Hardware is i82546GB rev03, BW 1000 Mbps, DLY 10 usec
Auto-Duplex(Full-duplex), Auto-Speed(1000 Mbps)
Interface Ethernet0/1 "", is up, line protocol is up
Hardware is i82546GB rev03, BW 1000 Mbps, DLY 10 usec
Auto-Duplex(Full-duplex), Auto-Speed(100 Mbps)
Interface Ethernet0/1.11 "inside", is up, line protocol is up
Hardware is i82546GB rev03, BW 1000 Mbps, DLY 10 usec
Interface Ethernet0/1.12 "LISTENER", is up, line protocol is up
Hardware is i82546GB rev03, BW 1000 Mbps, DLY 10 usec
Interface Ethernet0/1.13 "WEB", is up, line protocol is up
Hardware is i82546GB rev03, BW 1000 Mbps, DLY 10 usec
Interface Ethernet0/3 "LANFAIL", is up, line protocol is up
Hardware is i82546GB rev03, BW 100 Mbps, DLY 100 usec
Auto-Duplex(Full-duplex), Auto-Speed(100 Mbps)
- I don't see "speed 1000" command configured under ASA 5510 Ethernet0/0 interface?
- Can a sub-interface Ethernet0/1 also be configured as 1000 Mbps?
- If yes, do you configure speed under the main interface or sub-interface?
- Can Ethernet0/3 failover interface be configured as 1000 Mbps?
- Can you configure "speed 1000" and "duplex full" on fly? Will it effect anything - I mean effect traffic flow?
NG
11-29-2010 07:17 PM
Answers inline...
- I don't see "speed 1000" command configured under ASA 5510 Ethernet0/0 interface?
I'd leave it at auto. I see that it is negotiated for 1GB.
- Can a sub-interface Ethernet0/1 also be configured as 1000 Mbps?
No
- If yes, do you configure speed under the main interface or sub-interface?
Only on the main interface and for gig interface, pls leave at auto on both the ASA and the switch end. Make sure the switch can support gig speed.
- Can Ethernet0/3 failover interface be configured as 1000 Mbps?
No.
- Can you configure "speed 1000" and "duplex full" on fly? Will it effect anything - I mean effect traffic flow?
From what I have heard for 1GB - you configure it as auto/auto on both sides.
-KS
12-02-2010 06:14 AM
As suggested, we configured auto/auto on our ASA. It is connected to a Cisco 3750-48PS-S Gig switch which is also configured for auto/auto, but the ASA interfaces are still showing as 100Mbps.
The ASA verison is 8.0(5) and it has Security Plus license.
Cisco Adaptive Security Appliance Software Version 8.0(5)
System image file is "disk0:/asa805-k8.bin"
Licensed features for this platform:
Maximum Physical Interfaces : Unlimited
Maximum VLANs : 100
Inside Hosts : Unlimited
Failover : Active/Active
VPN-DES : Enabled
VPN-3DES-AES : Enabled
Security Contexts : 2
GTP/GPRS : Disabled
VPN Peers : 250
WebVPN Peers : 2
AnyConnect for Mobile : Disabled
AnyConnect for Linksys phone : Disabled
Advanced Endpoint Assessment : Disabled
UC Proxy Sessions : 2
This platform has an ASA 5510 Security Plus license.
-NG
12-04-2010 09:23 AM
Not sure, but, can a Cisco CSE confirm this for us?
-NG
12-04-2010 04:17 PM
Please kindly be advised that ASA5510 with Security Plus license only have the following default physical interfaces:
2 x 10/100/1000 interfaces
3 x 10/100 interfaces
Please check out the intergrated ports section for ASA 5510 (security plus - in red):
http://www.cisco.com/en/US/products/ps6120/prod_models_comparison.html#~mid-range
The following are the corresponding speed for the interfaces:
Ethernet 0/0 and 0/1: Gigabit Ethernet
Ethernet 0/2, 0/3, and 0/4: Fast Ethernet
So only ethernet 0/0 and 0/1 can be configured as GIG interfaces (1000 Mbps), the remainder of the interfaces (0/2, 0/3 and 0/4) will only have a maximum of 100 Mbps.
12-04-2010 07:11 PM
Are you saying that both E0/0 and E0/1 are connected to two diff. ports on the same switch Cisco 3750-48PS-S, and E0/0 shows Gig speed but E0/1 only shows 100 MB?
If so, could you pls. swap the ports and see if E0/1 now shows Gig and E0/0 shows 100 MB?
-KS
12-10-2010 12:28 PM
Looking at the ASA inside, outside, LISTENER, WEB interfaces:
outside - 16 MB
inside - 12 MB
LISTENER - 8 MB
WEB - 10 MB
!
interface Ethernet0/0
nameif outside
!
interface Ethernet0/1
!
interface Ethernet0/1.11
nameif inside
!
interface Ethernet0/1.12
nameif LISTENER
!
interface Ethernet0/1.13
nameif WEB
!
Does it mean that the total throughput of my ASA is 16 MB + 12 MB + 8 MB + 10 MB = 46 MB
-NG
12-17-2010 11:15 AM
The ASA 5510 adaptive security appliance now has the security plus license to enable GE (Gigabit Ethernet) for port 0 and 1.
How can I connect an ASA 5510 Ethernet0/0 port to a SFP-based Gigabit Ethernet port?
Is there a converter which can help me to achieve this?
-NG
12-19-2010 07:58 AM
You would connect it like you would if it were just E0/0. Embeded ports do not support SFP.
-KS
12-19-2010 08:00 AM
Through put is not the aggregate of all the ports. Throughput is the speed that you get between two hosts on either side of the firewall.
-KS
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide