Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
New Member

switch ingress policy drops on ASA5505

So I was poking around my ASA5505 today and noticed the port I have connected to my 1242AP had a ton of switch ingress policy drops. ASA's been on for about 10 days but there are around 12 billion of them.

I read something about the vlan interface name, but both vlans are named.

Any ideas?

Interface Ethernet0/7 "", is up, line protocol is up

Hardware is 88E6095, BW 100 Mbps, DLY 100 usec

Full-Duplex(Full-duplex), 100 Mbps(100 Mbps)

Available but not configured via nameif

MAC address 001b.54eb.da41, MTU not set

IP address unassigned

5331418 packets input, 706126156 bytes, 0 no buffer

Received 906548 broadcasts, 0 runts, 0 giants

0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

0 L2 decode drops

12884915546 switch ingress policy drops

6231312 packets output, 4126940935 bytes, 0 underruns

0 output errors, 0 collisions, 0 interface resets

0 babbles, 0 late collisions, 0 deferred

0 lost carrier, 0 no carrier

0 rate limit drops

0 switch egress policy drops

New Member

Re: switch ingress policy drops on ASA5505

paste the interface configs of ASA and switch port where its connected

New Member

Re: switch ingress policy drops on ASA5505

This is the port on the ASA:

interface Ethernet0/7

speed 100

duplex full

It's connected to my 1242AP. Config for the ethernet port on that device:'

interface FastEthernet0

no ip address

no ip route-cache

speed 100


bridge-group 1

no bridge-group 1 source-learning

bridge-group 1 spanning-disabled

hold-queue 160 in

CreatePlease to create content