Link to home
Start Free TrialLog in
Avatar of Affiliated_IT
Affiliated_ITFlag for Canada

asked on

Cisco Interface Errors

Hello everyone,

I'm having issue with the dmz interface which is slow at transfer and has packet loss as well.
There are a lot of CRC errors and broadcasts. For the CRC, i changed ports, cabling and swapped switches, I'm starting to eliminate the hardware probabilty. For the broadcasts I have no clue who or what is creating... I installed wireshark and did packet capture..nothing un-usual
The dmz interface has 6 machines and so much broadcast just does not make any insight as well as the L2 decode. Input errors ?!
I added the inside interface as a reference (inside is ok traffic wise)

Any insight ?

Interface Ethernet1 "inside", is up, line protocol is up
  Hardware is i82559, BW 100 Mbps, DLY 100 usec
        Full-Duplex(Full-duplex), 100 Mbps(100 Mbps)
        MAC address 000f.8f7f.7758, MTU 1500
        IP address 10.99.0.1, subnet mask 255.255.0.0
        10052992 packets input, 4837751260 bytes, 0 no buffer
        Received 1637 broadcasts, 0 runts, 0 giants
        0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
        0 L2 decode drops
        10403854 packets output, 4696051482 bytes, 0 underruns
        0 output errors, 0 collisions, 0 interface resets
        0 babbles, 0 late collisions, 0 deferred
        0 lost carrier, 0 no carrier
        input queue (curr/max packets): hardware (0/1) software (0/68)
        output queue (curr/max packets): hardware (2/128) software (0/50)
  Traffic Statistics for "inside":
        10056276 packets input, 4680551945 bytes
        10407891 packets output, 4511434135 bytes
        41750 packets dropped
      1 minute input rate 220 pkts/sec,  81339 bytes/sec
      1 minute output rate 246 pkts/sec,  168548 bytes/sec
      1 minute drop rate, 1 pkts/sec
      5 minute input rate 244 pkts/sec,  99386 bytes/sec
      5 minute output rate 270 pkts/sec,  176996 bytes/sec
      5 minute drop rate, 1 pkts/sec
Interface Ethernet2 "dmz1", is up, line protocol is up
  Hardware is i82559, BW 100 Mbps, DLY 100 usec
        Full-Duplex(Full-duplex), 100 Mbps(100 Mbps)
        MAC address 0005.5d19.6960, MTU 1500
        IP address 192.168.1.1, subnet mask 255.255.255.0
        5729273 packets input, 2960797665 bytes, 0 no buffer
        Received 142276 broadcasts, 16825 runts, 0 giants
        19372 input errors, 2547 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
        79768 L2 decode drops
        4827751 packets output, 2109175930 bytes, 0 underruns
        0 output errors, 0 collisions, 0 interface resets
        0 babbles, 0 late collisions, 0 deferred
        0 lost carrier, 0 no carrier
        input queue (curr/max packets): hardware (0/1) software (0/45)
        output queue (curr/max packets): hardware (0/91) software (0/1)
  Traffic Statistics for "dmz1":
        5631403 packets input, 2866767506 bytes
        4827970 packets output, 2021171329 bytes
        19811 packets dropped
      1 minute input rate 114 pkts/sec,  68861 bytes/sec
      1 minute output rate 91 pkts/sec,  26801 bytes/sec
      1 minute drop rate, 0 pkts/sec
      5 minute input rate 179 pkts/sec,  108489 bytes/sec
      5 minute output rate 142 pkts/sec,  51811 bytes/sec
      5 minute drop rate, 0 pkts/sec
Avatar of terrygreensill
terrygreensill
Flag of United Kingdom of Great Britain and Northern Ireland image

is the Speed and duplex set the same at both ends on the DMZ interface + DMZ Switch?
Avatar of Affiliated_IT

ASKER

The dmz switch is a trendnet 10/100 and has no management interface, the machines connected to it as well as the firewall state it's a 100mbps connection. My guess is that there is smth else
ASKER CERTIFIED SOLUTION
Avatar of jlindler
jlindler

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
SOLUTION
Avatar of Les Moore
Les Moore
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
I would expect an ASA interface to an unmanaged switch to look like

Auto-Duplex(Full-duplex), Auto-Speed(100 Mbps)

Yours looks like it is hard-set to 100/full while connected to a dumb non-managed switch. I can guarantee you that this causes a duplex mismatch that causes all these exact errors and slow throughput.

Interface Ethernet2 "dmz1", is up, line protocol is up
  Hardware is i82559, BW 100 Mbps, DLY 100 usec
       Full-Duplex(Full-duplex), 100 Mbps(100 Mbps)