Sonicwall WAN port RX errors

I am seeing a very high number of "RX errors" on the X1 (WAN) port of my SonicWall NSA 3500.  This is the port that plugs into a small switch that connects to my Comcast fiber Internet circuit.

I looked at the log and am seeing a lot of "IP Spoof" alerts there.  Is that what is causing my "RX Error" counts to rise and if so, how do I stop that?  (Or is that something I have to contact my ISP, (Comcast), about?)

If not what other causes could be resulting in this high number of "RX errors" being reported?

I am *NOT* a Sonicwall expert.

thank you,
Jeff
jgrammer42Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Blue Street TechLast KnightCommented:
Hi jgrammer42,

What do you mean "RX errors" can you provide the log incident of this or a screenshot?

What is going on outside of the logs? Are transmissions failing inbound?
0
jgrammer42Author Commented:
diverseit,

Sure.  Please see the attached screen shot.  I circled in red the issues I am seeing.  

The complaint I am getting from endusers is slow internet.  And they believe it is because of Sonicwall's content filtering.  Which makes no sense.  But this error seems like a very real culprit.

Thank you,
Jeff

Screen of Sonicwall 3500 Interfaces view
0
Blue Street TechLast KnightCommented:
Hi Jeff,

Rx errors are typically from the following:
Half/Full Duplex mismatches
Faulty driver, NIC or transceiver
Faulty cable
Cable runs are too long
A jabber is present
High traffic or network design problems
Occasional errors are not a problem, however constant errors on the same port indicate a problem with the cable or device on that port.

A rule of thumb is one error in 5,000, e.g. on average, for every 5,000 packets received you should have no more than one receive error (CRC, alignment, runt, short, giant, or too long). That said, you have 310,796 errors and you should have about 1,697 or less before seeing performance degradation.

So test the connecting cables, switch ports, and between each event retest so that you can isolate the root cause.

The person or people who said its because of Content Filtering Service (CFS) are ignorant. It's just rubbish.

To prove it to them simply disable CFS and the errors will still continue to come in and performance will still be degraded or poor.

Let me know how it goes!
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Webinar: Miercom Evaluates Wi-Fi Security

It's not just about Wi-Fi connectivity anymore. A wireless security breach can cost your business large amounts of time, trouble, and expense. Plus, hear first-hand from Miercom how WatchGuard's Wi-Fi security stacks up against the competition in our upcoming webinar!

jgrammer42Author Commented:
diverseit,

That is exactly what I suspecting, and if this had been a Cisco router or ASA, exactly what I would have done first.

But the Sonicwall is so new to me, that I wanted to verify that what I was seeing was what I suspected.

Thank you very much for the help,
Jeff

(I will close this ticket and assign points when I get the cable changed out this weekend and clear the counters...want to make sure that corrects things first.)
0
Blue Street TechLast KnightCommented:
Sounds good! I'll be here.

I hear ya, learning new firewalls...are always interesting!
0
Blue Street TechLast KnightCommented:
So how'd it go?
0
jgrammer42Author Commented:
Hi diverseit,

I was just going to post when I saw you had done so.

Changing the cables has not made any difference.  The current LAN switch is a Netgear switch.  (Frankly, I think those are just garbage, and I am very suspect of it.)  But I cannot change out the switch until I send them a replacement.  The site having this issue is remote to where I am.

Any other thoughts, while I am arranging to have another switch sent to them?

Thank you,
Jeff
0
Blue Street TechLast KnightCommented:
Frankly, I think those are just garbage, and I am very suspect of it.
Especially unmanaged residential Linksys/Cisco switches. Cheap inexpensive switches will do it every time. I have solved many similar issues especially when they are unmanaged switches...one port goes bad and starts a plethora of issues.

It's most likely going to be either cables or ports. Since you replaced the cables its pointing toward ports now, but I'd test the cables regardless for good measure...sometimes the terminations loosen at the heads. And typically there is one port on the switch that is faulty so until you get the other gear try testing other ports (if you have the availability too).
0
Blue Street TechLast KnightCommented:
How's it going?
0
jgrammer42Author Commented:
diverseit,

I have not been able to change out the Netgear switch for a Cisco 2950 switch I had that I know was in very good working condition to verify if it was that Netgear or not.  However, I am pretty convinced that this is absolutely a LAN issue.

One quick question:  (Now I have NEVER seen this before, and cannot imagine it is happening, but I want to ask anyway.)

Is there a chance that the ethernet port of the Sonicwall itself is causing "receive" errors?  

Again, I have NEVER seen a situation where an ethernet port was bad and was exhibiting problems through "received" packets...."transmitting" yes..."receiving"?  I have never seen that.  but I just want to ask if you, (or anyone else), has ever heard of that.

thank you again,
jeff
0
Blue Street TechLast KnightCommented:
No you'd see transmitting errors if that were the case on the upstream flow.

Most of the time people tend to view received errors on a unit and then troubleshoot it from there not checking the other devices to see if there are transmitting errors on the corresponding side. This can only be done, obviously, if the other device has the capability of reporting a transmitting error.

I'd continue to isolate as much as you can. Changing only one thing at a time then testing to isolate the variables. If you have a cable tester check integrity, switch Ethernet cables, test ports if you have a port integrity tester otherwise change ports to test between good/bad.

Keep me posted.
0
jgrammer42Author Commented:
diverseit,

I certainly will keep you posted.  I do not want to let this question languish too long, but I would like to keep it going as a thread for a few more days.  Then I will close it and award you the points.  My apologies for taking so long with this.

Thank you for all of your help,
Jeff
0
Blue Street TechLast KnightCommented:
My pleasure!

Sure, sounds good!
0
Blue Street TechLast KnightCommented:
Any update on this?
0
jgrammer42Author Commented:
divverseit,
Thank you VERY much for your help and patience.  I have not been able to get the client to let me change out the switch just yet, but I am going to go ahead and close this question, and assign points now.  If I have any other questions, I will open a new one.  

Thank you very much again!
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Hardware Firewalls

From novice to tech pro — start learning today.