Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
20934
Views
0
Helpful
1
Replies

L2 decode drops

Go to solution
Andriy Yerofyeyev
Level 1
Level 1

‎09-21-2009 07:25 AM - edited ‎03-11-2019 09:17 AM

Does increasing "L2 decode drops" counter means faulty cable ? ASA (802.1q trunk) connects with 3560.

Interface Ethernet0/1 "", is up, line protocol is up

Hardware is i82546GB rev03, BW 100 Mbps, DLY 100 usec

Full-Duplex(Full-duplex), 100 Mbps(100 Mbps)

Available but not configured via nameif

MAC address 0021.a09a.de9f, MTU not set

IP address unassigned

59189 packets input, 13303462 bytes, 0 no buffer

Received 9951 broadcasts, 0 runts, 0 giants

0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

13319 L2 decode drops

41659 packets output, 5683701 bytes, 0 underruns

0 output errors, 0 collisions, 3 interface resets

0 late collisions, 2 deferred

0 input reset drops, 0 output reset drops, 0 tx hangs

input queue (blocks free curr/low): hardware (255/248)

output queue (blocks free curr/low): hardware (255/248)

FastEthernet0/18 is up, line protocol is up (connected)

Hardware is Fast Ethernet, address is 0019.5660.1194 (bia 0019.5660.1194)

Description: asa-1-75broad(e0/1)

MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,

reliability 255/255, txload 1/255, rxload 1/255

Encapsulation ARPA, loopback not set

Keepalive set (10 sec)

Full-duplex, 100Mb/s, media type is 10/100BaseTX

input flow-control is off, output flow-control is unsupported

ARP type: ARPA, ARP Timeout 04:00:00

Last input never, output 00:00:00, output hang never

Last clearing of "show interface" counters never

Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0

Queueing strategy: fifo

Output queue: 0/40 (size/max)

5 minute input rate 18000 bits/sec, 17 packets/sec

5 minute output rate 36000 bits/sec, 35 packets/sec

87687460 packets input, 1495683997 bytes, 0 no buffer

Received 1901447 broadcasts (0 multicast)

1 runts, 0 giants, 0 throttles

1 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored

0 watchdog, 1901389 multicast, 0 pause input

0 input packets with dribble condition detected

243267167 packets output, 1465350456 bytes, 0 underruns

0 output errors, 0 collisions, 1 interface resets

0 babbles, 0 late collision, 0 deferred

0 lost carrier, 0 no carrier, 0 PAUSE output

0 output buffer failures, 0 output buffers swapped out

2 people had this problem
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
b.julin
Level 3
Level 3

‎09-21-2009 12:36 PM

Not necessarily a faulty cable. Could be traffic on VLANs that the ASA does not have configured. Since you are connected to a switch, there may be PVST spanning tree running on VLANs even though nothing is routed to the ASA.

Use the "allowed vlan" switchport subcommand on the 3560 to black output packets on unknown VLAN IDs. Note with some STP implementations there will always be STP packets going out untagged.

If you are positive nobody is going to accidentally create a packet loop some years down the road when the ASA is removed from that switchport, then you may also want to consider "spanning-tree bpdufilter enable" on the 3560 port.

View solution in original post

0 Helpful
1 Reply 1

Go to solution
b.julin
Level 3
Level 3

‎09-21-2009 12:36 PM

Not necessarily a faulty cable. Could be traffic on VLANs that the ASA does not have configured. Since you are connected to a switch, there may be PVST spanning tree running on VLANs even though nothing is routed to the ASA.

Use the "allowed vlan" switchport subcommand on the 3560 to black output packets on unknown VLAN IDs. Note with some STP implementations there will always be STP packets going out untagged.

If you are positive nobody is going to accidentally create a packet loop some years down the road when the ASA is removed from that switchport, then you may also want to consider "spanning-tree bpdufilter enable" on the 3560 port.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card