Cisco Support Community

switch ingress policy drops

I am seeing a lot of drops on the interface connected to the inside network. The sh int command reveals a lot of "switch ingress policy drops". What causes it and can it be fixed?

The ASA 5505 is running ver 7.24

rgds,

7 REPLIES

Re: switch ingress policy drops

Are users reporting any performance issues?

If not, check the following bug.

CSCsz33819 "switch ingress policy drops" are corrupted every 65535 packets


Re: switch ingress policy drops

No, users are not reporting any performance issues. I recently upgraded its software to release 8.0(4), released August 10 2008, but that did not seem to resolve the problem.

Re: switch ingress policy drops

In that case, you can refer to "Table 26-13 show interface for Switch Interfaces Fields" in the link below to see which drop reason could be applied in your case.

http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/s3.html#wp1427809


Re: switch ingress policy drops

Thanks much for the quick reply. None of those mentioned applied to my situation. Please see below:

ASA5505

interface Vlan50
 nameif inside
 security-level 100
 ip address 10.64.50.15 255.255.255.0
!
interface Ethernet0/1
 description Uplink to gig0/40 on Core
 switchport access vlan 50
 speed 100
 duplex full

Switch

interface Vlan50
 ip address 10.64.50.254 255.255.255.0
!
interface GigabitEthernet0/40
 description to e1 on IF1
 switchport access vlan 50
 switchport mode access
 load-interval 30
 speed 100
 duplex full

=========================================

Regards,

Re: switch ingress policy drops

You'd better sniff the packets on the switch port via SPAN to see what kind of packets are being sent to the ASA.


Re: switch ingress policy drops

I couldn't find anything there either. I checked other forums and found quite a number of folks reporting this issue with the ASA5505, which leads me to believe it is a problem with the hardware software and nothing else. It would be great to know when this is fixed.

Re: switch ingress policy drops

Not sure if you have verified this: Ethernet keepalive.

1. Change the keepalive to 20 sec on the switch port.

2. On the ASA, check "show controller ethernet x/y | i Filtered" to see if the ingress filtered number is incrementing at the same rate as the keepalive.

Anyway, if it doesn't impact the traffic, it should be OK. I did not find any new bug regarding this so far.
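The rate comparison from step 2 of the reply above, worked offline as an added example (not part of the thread and not Cisco code): it reads the "switch ingress policy drops" counter from saved show interface captures instead of the show controller Filtered count, and checks whether it grows at one frame per keepalive interval. The "<count> switch ingress policy drops" line layout, the one-drop-per-keepalive model, the tolerance, the function names and all sample values are assumptions made for the example.

```python
import re

# Counter name as quoted in the thread; the "<count> <name>" line layout is an assumption.
DROP_RE = re.compile(r"^\s*(\d+)\s+switch ingress policy drops\s*$", re.M)

def read_counter(show_int_text):
    """Extract the drop counter from one saved 'show interface' capture."""
    m = DROP_RE.search(show_int_text)
    if m is None:
        raise ValueError("no 'switch ingress policy drops' line in capture")
    return int(m.group(1))

def classify_intervals(captures, keepalive_s, tolerance=0.25):
    """captures: [(unix_seconds, show-interface text)], oldest first.
    Returns one verdict per consecutive pair of captures."""
    points = [(t, read_counter(text)) for t, text in captures]
    verdicts = []
    for (t0, c0), (t1, c1) in zip(points, points[1:]):
        elapsed, delta = t1 - t0, c1 - c0
        if elapsed <= 0 or delta < 0:
            # Counter went backwards or timestamps are bad: draw no conclusion.
            verdicts.append("unusable")
            continue
        # Assumed model: each keepalive frame accounts for one drop.
        expected = elapsed / keepalive_s
        if delta == 0:
            verdicts.append("no-drops")
        elif abs(delta - expected) <= max(1, tolerance * expected):
            verdicts.append("keepalive-paced")
        else:
            verdicts.append("other-traffic")
    return verdicts

def constructed_capture(drops):
    """Constructed sample text, not real device output."""
    return f"Interface Ethernet0/1 (constructed sample)\n      {drops} switch ingress policy drops\n"

# Constructed readings taken every 10 minutes with the switch keepalive at 20 s.
SAMPLES = [(0, constructed_capture(100)), (600, constructed_capture(130)),
           (1200, constructed_capture(160)), (1800, constructed_capture(4000)),
           (2400, constructed_capture(12))]

if __name__ == "__main__":
    print(classify_intervals(SAMPLES, keepalive_s=20))
```

An interval marked "other-traffic" is the case where the SPAN capture suggested earlier in the thread is worth running, since the drops are not explained by keepalives alone.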
