Affiliated_IT
asked on
Cisco Interface Errors
Hello everyone,
I'm having issue with the dmz interface which is slow at transfer and has packet loss as well.
There are a lot of CRC errors and broadcasts. For the CRC, i changed ports, cabling and swapped switches, I'm starting to eliminate the hardware probabilty. For the broadcasts I have no clue who or what is creating... I installed wireshark and did packet capture..nothing un-usual
The dmz interface has 6 machines and so much broadcast just does not make any insight as well as the L2 decode. Input errors ?!
I added the inside interface as a reference (inside is ok traffic wise)
Any insight ?
Interface Ethernet1 "inside", is up, line protocol is up
Hardware is i82559, BW 100 Mbps, DLY 100 usec
Full-Duplex(Full-duplex), 100 Mbps(100 Mbps)
MAC address 000f.8f7f.7758, MTU 1500
IP address 10.99.0.1, subnet mask 255.255.0.0
10052992 packets input, 4837751260 bytes, 0 no buffer
Received 1637 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 L2 decode drops
10403854 packets output, 4696051482 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collisions, 0 deferred
0 lost carrier, 0 no carrier
input queue (curr/max packets): hardware (0/1) software (0/68)
output queue (curr/max packets): hardware (2/128) software (0/50)
Traffic Statistics for "inside":
10056276 packets input, 4680551945 bytes
10407891 packets output, 4511434135 bytes
41750 packets dropped
1 minute input rate 220 pkts/sec, 81339 bytes/sec
1 minute output rate 246 pkts/sec, 168548 bytes/sec
1 minute drop rate, 1 pkts/sec
5 minute input rate 244 pkts/sec, 99386 bytes/sec
5 minute output rate 270 pkts/sec, 176996 bytes/sec
5 minute drop rate, 1 pkts/sec
Interface Ethernet2 "dmz1", is up, line protocol is up
Hardware is i82559, BW 100 Mbps, DLY 100 usec
Full-Duplex(Full-duplex), 100 Mbps(100 Mbps)
MAC address 0005.5d19.6960, MTU 1500
IP address 192.168.1.1, subnet mask 255.255.255.0
5729273 packets input, 2960797665 bytes, 0 no buffer
Received 142276 broadcasts, 16825 runts, 0 giants
19372 input errors, 2547 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
79768 L2 decode drops
4827751 packets output, 2109175930 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collisions, 0 deferred
0 lost carrier, 0 no carrier
input queue (curr/max packets): hardware (0/1) software (0/45)
output queue (curr/max packets): hardware (0/91) software (0/1)
Traffic Statistics for "dmz1":
5631403 packets input, 2866767506 bytes
4827970 packets output, 2021171329 bytes
19811 packets dropped
1 minute input rate 114 pkts/sec, 68861 bytes/sec
1 minute output rate 91 pkts/sec, 26801 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 179 pkts/sec, 108489 bytes/sec
5 minute output rate 142 pkts/sec, 51811 bytes/sec
5 minute drop rate, 0 pkts/sec
I'm having issue with the dmz interface which is slow at transfer and has packet loss as well.
There are a lot of CRC errors and broadcasts. For the CRC, i changed ports, cabling and swapped switches, I'm starting to eliminate the hardware probabilty. For the broadcasts I have no clue who or what is creating... I installed wireshark and did packet capture..nothing un-usual
The dmz interface has 6 machines and so much broadcast just does not make any insight as well as the L2 decode. Input errors ?!
I added the inside interface as a reference (inside is ok traffic wise)
Any insight ?
Interface Ethernet1 "inside", is up, line protocol is up
Hardware is i82559, BW 100 Mbps, DLY 100 usec
Full-Duplex(Full-duplex), 100 Mbps(100 Mbps)
MAC address 000f.8f7f.7758, MTU 1500
IP address 10.99.0.1, subnet mask 255.255.0.0
10052992 packets input, 4837751260 bytes, 0 no buffer
Received 1637 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 L2 decode drops
10403854 packets output, 4696051482 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collisions, 0 deferred
0 lost carrier, 0 no carrier
input queue (curr/max packets): hardware (0/1) software (0/68)
output queue (curr/max packets): hardware (2/128) software (0/50)
Traffic Statistics for "inside":
10056276 packets input, 4680551945 bytes
10407891 packets output, 4511434135 bytes
41750 packets dropped
1 minute input rate 220 pkts/sec, 81339 bytes/sec
1 minute output rate 246 pkts/sec, 168548 bytes/sec
1 minute drop rate, 1 pkts/sec
5 minute input rate 244 pkts/sec, 99386 bytes/sec
5 minute output rate 270 pkts/sec, 176996 bytes/sec
5 minute drop rate, 1 pkts/sec
Interface Ethernet2 "dmz1", is up, line protocol is up
Hardware is i82559, BW 100 Mbps, DLY 100 usec
Full-Duplex(Full-duplex), 100 Mbps(100 Mbps)
MAC address 0005.5d19.6960, MTU 1500
IP address 192.168.1.1, subnet mask 255.255.255.0
5729273 packets input, 2960797665 bytes, 0 no buffer
Received 142276 broadcasts, 16825 runts, 0 giants
19372 input errors, 2547 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
79768 L2 decode drops
4827751 packets output, 2109175930 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collisions, 0 deferred
0 lost carrier, 0 no carrier
input queue (curr/max packets): hardware (0/1) software (0/45)
output queue (curr/max packets): hardware (0/91) software (0/1)
Traffic Statistics for "dmz1":
5631403 packets input, 2866767506 bytes
4827970 packets output, 2021171329 bytes
19811 packets dropped
1 minute input rate 114 pkts/sec, 68861 bytes/sec
1 minute output rate 91 pkts/sec, 26801 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 179 pkts/sec, 108489 bytes/sec
5 minute output rate 142 pkts/sec, 51811 bytes/sec
5 minute drop rate, 0 pkts/sec
is the Speed and duplex set the same at both ends on the DMZ interface + DMZ Switch?
ASKER
The dmz switch is a trendnet 10/100 and has no management interface, the machines connected to it as well as the firewall state it's a 100mbps connection. My guess is that there is smth else
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I would expect an ASA interface to an unmanaged switch to look like
Auto-Duplex(Full-duplex), Auto-Speed(100 Mbps)
Yours looks like it is hard-set to 100/full while connected to a dumb non-managed switch. I can guarantee you that this causes a duplex mismatch that causes all these exact errors and slow throughput.
Interface Ethernet2 "dmz1", is up, line protocol is up
Hardware is i82559, BW 100 Mbps, DLY 100 usec
Full-Duplex(Full-duplex), 100 Mbps(100 Mbps)
Auto-Duplex(Full-duplex), Auto-Speed(100 Mbps)
Yours looks like it is hard-set to 100/full while connected to a dumb non-managed switch. I can guarantee you that this causes a duplex mismatch that causes all these exact errors and slow throughput.
Interface Ethernet2 "dmz1", is up, line protocol is up
Hardware is i82559, BW 100 Mbps, DLY 100 usec
Full-Duplex(Full-duplex), 100 Mbps(100 Mbps)