I have an ASA5505 connected to a Dlink DI-624 switch through LAN ports (using straight through). Several times a day, if there is no activity coming from the Dlink, the traffic stops flowing. When I look at counters on each side (ASA and Dlink), I notice that the Dlink is no longer transmitting.
My immediate reaction was to think there was a bug with the firmware on the Dlink but when I replaced it with a Linksys switch, I got the same results.
I am concerned about the increasing number of drops due to switch ingress policy drops.
ASA5505(config)# sh int e0/3
Interface Ethernet0/3 "", is up, line protocol is up
The security appliance is connected to another Cisco device that has Ethernet keepalives. For example, Cisco IOS software uses Ethernet loopback packets to ensure interface health. This packet is not intended to be received by any other device; the health is ensured just by being able to send the packet. These types of packets are dropped at the switch port, and the counter increments.
This drop is usually seen when a port is not configured correctly. This drop is incremented when a packet cannot be successfully forwarded within switch ports as a result of the default or user configured switch port settings. The following configurations are the likely reasons for this drop:
a) The nameif command was not configured on the VLAN interface.
Note: For interfaces in the same VLAN, even if the nameif command was not configured, switching within the VLAN is successful, and this counter does not increment.
b) The VLAN is shut down.
c) An access port received an 802.1Q-tagged packet.
d) A trunk port received a tag that is not allowed or an untagged packet.
In your case there seems to be no problem on the ASA. The problem may be that the VLAN traffic is not defined properly.
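One way to check causes (a) and (b) from the list above against a saved running-config, as an added example that is not part of the original thread or Cisco's own tooling. The config text is constructed, the function names are hypothetical, and the script assumes a port with no switchport line is an access port in VLAN 1 and that trunk VLAN lists contain no ranges.

```python
import re
# Constructed, trimmed ASA 5505 running-config (sample input, not from the thread).
SAMPLE_CONFIG = """\
interface Vlan1
 nameif inside
interface Vlan2
 nameif outside
 shutdown
interface Vlan3
 no nameif
interface Ethernet0/0
 switchport access vlan 2
interface Ethernet0/3
 switchport trunk allowed vlan 1,3
interface Ethernet0/4
"""

def parse_interfaces(config):
    """Return {interface name: [sub-commands]} from running-config text."""
    blocks, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface (\S+)", line)
        if m:
            current = blocks.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # any other top-level command ends the interface block
    return blocks

def audit(config):
    """Per switch port, list VLANs hit by cause (a) no nameif or (b) shutdown."""
    blocks = parse_interfaces(config)
    findings = {}
    for port in (p for p in blocks if p.startswith("Ethernet")):
        vlans = [1]  # assumption: no switchport line means access port in VLAN 1
        for c in blocks[port]:
            m = re.match(r"switchport (?:access|trunk allowed) vlan ([\d,]+)$", c)
            if m:  # assumption: comma-separated VLAN ids, no ranges
                vlans = [int(v) for v in m.group(1).split(",")]
        issues = []
        for v in vlans:
            svi = blocks.get(f"Vlan{v}", [])  # missing VLAN interface counts as no nameif
            if not any(c.startswith("nameif ") for c in svi):
                issues.append(f"Vlan{v}: no nameif")
            if "shutdown" in svi:
                issues.append(f"Vlan{v}: shutdown")
        findings[port] = issues
    return findings
```

Causes (c) and (d) depend on the tags of frames the neighbouring device actually sends, so they have to be checked against that device's port configuration rather than the ASA's.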