Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ASA - packets dropped

Hi, I have an Cisco ASA-5510 that have a lot of packet dropped in a sub interface of outside physical interface. Why do this? Is a queue-limit issue?

show interface DMZ_TN

Interface GigabitEthernet0/2.14 "DMZ_TN", is up, line protocol is up

Hardware is i82546GB rev03, BW 1000 Mbps, DLY 10 usec

VLAN identifier 14

Description: TN_DC_IPLAN

MAC address 001b.d454.d748, MTU 1500

IP address 10.255.254.25, subnet mask 255.255.255.248

Traffic Statistics for "DMZ_TN":

474449896 packets input, 72933751716 bytes

468169696 packets output, 47492362184 bytes

1509612 packets dropped

1 REPLY

Re: ASA - packets dropped

Hi Federico,

This drop counter increments when a packet is dropped in the accelerated security path (ASP). This can be caused by anything from a bad packet to a configured ACL.

The output of 'show asp drop' will list counters for all of the reasons why a packet was dropped (since they were last cleared).

'show asp drop':

http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/s2.html#wp1351326

'show interface':

http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/s3.html#wp1427809

Hope that helps.

-Mike

1645
Views
0
Helpful
1
Replies