Cisco Interface Errors

Hello everyone,

I'm having issue with the dmz interface which is slow at transfer and has packet loss as well.
There are a lot of CRC errors and broadcasts. For the CRC, i changed ports, cabling and swapped switches, I'm starting to eliminate the hardware probabilty. For the broadcasts I have no clue who or what is creating... I installed wireshark and did packet capture..nothing un-usual
The dmz interface has 6 machines and so much broadcast just does not make any insight as well as the L2 decode. Input errors ?!
I added the inside interface as a reference (inside is ok traffic wise)

Any insight ?

Interface Ethernet1 "inside", is up, line protocol is up
  Hardware is i82559, BW 100 Mbps, DLY 100 usec
        Full-Duplex(Full-duplex), 100 Mbps(100 Mbps)
        MAC address 000f.8f7f.7758, MTU 1500
        IP address 10.99.0.1, subnet mask 255.255.0.0
        10052992 packets input, 4837751260 bytes, 0 no buffer
        Received 1637 broadcasts, 0 runts, 0 giants
        0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
        0 L2 decode drops
        10403854 packets output, 4696051482 bytes, 0 underruns
        0 output errors, 0 collisions, 0 interface resets
        0 babbles, 0 late collisions, 0 deferred
        0 lost carrier, 0 no carrier
        input queue (curr/max packets): hardware (0/1) software (0/68)
        output queue (curr/max packets): hardware (2/128) software (0/50)
  Traffic Statistics for "inside":
        10056276 packets input, 4680551945 bytes
        10407891 packets output, 4511434135 bytes
        41750 packets dropped
      1 minute input rate 220 pkts/sec,  81339 bytes/sec
      1 minute output rate 246 pkts/sec,  168548 bytes/sec
      1 minute drop rate, 1 pkts/sec
      5 minute input rate 244 pkts/sec,  99386 bytes/sec
      5 minute output rate 270 pkts/sec,  176996 bytes/sec
      5 minute drop rate, 1 pkts/sec
Interface Ethernet2 "dmz1", is up, line protocol is up
  Hardware is i82559, BW 100 Mbps, DLY 100 usec
        Full-Duplex(Full-duplex), 100 Mbps(100 Mbps)
        MAC address 0005.5d19.6960, MTU 1500
        IP address 192.168.1.1, subnet mask 255.255.255.0
        5729273 packets input, 2960797665 bytes, 0 no buffer
        Received 142276 broadcasts, 16825 runts, 0 giants
        19372 input errors, 2547 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
        79768 L2 decode drops
        4827751 packets output, 2109175930 bytes, 0 underruns
        0 output errors, 0 collisions, 0 interface resets
        0 babbles, 0 late collisions, 0 deferred
        0 lost carrier, 0 no carrier
        input queue (curr/max packets): hardware (0/1) software (0/45)
        output queue (curr/max packets): hardware (0/91) software (0/1)
  Traffic Statistics for "dmz1":
        5631403 packets input, 2866767506 bytes
        4827970 packets output, 2021171329 bytes
        19811 packets dropped
      1 minute input rate 114 pkts/sec,  68861 bytes/sec
      1 minute output rate 91 pkts/sec,  26801 bytes/sec
      1 minute drop rate, 0 pkts/sec
      5 minute input rate 179 pkts/sec,  108489 bytes/sec
      5 minute output rate 142 pkts/sec,  51811 bytes/sec
      5 minute drop rate, 0 pkts/sec
LVL 3
Affiliated_ITAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

terrygreensillCommented:
is the Speed and duplex set the same at both ends on the DMZ interface + DMZ Switch?
Affiliated_ITAuthor Commented:
The dmz switch is a trendnet 10/100 and has no management interface, the machines connected to it as well as the firewall state it's a 100mbps connection. My guess is that there is smth else
jlindlerCommented:
I found on our PIX that even though both end of the connection were hard set to Full and 100MB, we had CRC errors!  Try setting both ends of the connection to negotiate both speed and duplex and see if that clears your errors.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
lrmooreCommented:
If the Trendnet switch is unmanaged, then you have to set the firewall to auto negotiate duplex.  It cannot be set to 100/full-duplex
lrmooreCommented:
I would expect an ASA interface to an unmanaged switch to look like

Auto-Duplex(Full-duplex), Auto-Speed(100 Mbps)

Yours looks like it is hard-set to 100/full while connected to a dumb non-managed switch. I can guarantee you that this causes a duplex mismatch that causes all these exact errors and slow throughput.

Interface Ethernet2 "dmz1", is up, line protocol is up
  Hardware is i82559, BW 100 Mbps, DLY 100 usec
       Full-Duplex(Full-duplex), 100 Mbps(100 Mbps)
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Cisco

From novice to tech pro — start learning today.