My expertise with Cisco ASA is very limited. I have observed input errors on a couple of interfaces on a Cisco ASA 5540 firewall. [code] I need to clear the input errors on this particular interface. Will clear interface GigabitEthernet 0/0 work?
I have an issue with input errors, overruns, and input reset drops on the inside interface of a 5580-40 (v8.2.5: Transparent mode). The box is not stressed at all according to the 'show' commands in the Cisco troubleshooting performance document for PIX/ASA v8.2.5. Nothing stands out because it is pretty much normal, nothing (processes, RAM, blocks, IO...) really being highly utilized. I have replaced the 10Gig card and that seemed to work because the rate of errors has gone down tremendously. The next step is to RMA the whole box. My question is what would be the cause of the inside interface to stop processing traffic (I say that because the syslog server stops receiving messages) for some periods of 30 seconds periodically throughout the day and clients lose their connections (i.e. Outlook, IBM Sametime, Oracle, MSSQL, etc.). Can the issue be somewhere related to the overruns and input errors?
No data in the TOP-N Interface Errors portlet is showing in LMS 4.1, but data for TOP-N Interface Utilization is displayed as expected. The Interface Errors poller shows active (without errors) with the same instances as Interface Utilization.
I use an 1841 router as an internet facing firewall with a 10MB MetroE connection. Lately users started reporting slow internet download speeds and web pages timing out. Bandwidth reports do not show the link as being saturated so I looked at the interfaces on the 1841. The interface connected to the provider shows OK as far as errors but the LAN side of the router shows steadily increasing input errors. It doesn't show any other errors, no CRC, frame, runts, giants or overruns, just generic input errors. What type of errors are those? Nothing is being logged on the console.
I moved the connection to another switch port and the errors continue. I switched it down to 10MB and also changed the switch and the errors slow down but don't stop. Interestingly, the switch side never shows any errors. What can I do here? I guess it can be a bad interface but that is such a rare thing that I am hesitant to replace the router.
For one month we have been facing input errors on many interfaces of our two Cisco WS-C3750G-12S switches; the input errors increase during data transfer or ping (ICMP). Not only port 1 but many interfaces have the same issue. I changed to a new IOS but still have the same issue, and I erased the startup config once but we are facing the same issue. Finally I replaced the switch with a new one of the same model with the same IOS (c3750-ipservicesk9-mz.122-55.SE4.bin) and it's working fine. [code]
Why are packet overruns incrementing on the ASA even when I have only 40Mbps of throughput traffic? All interfaces are 1000 full duplex, both on the ASA and on the Catalyst 3750. I've tested the ASA 5540 by generating HTTP GETs, about 40Mbit of traffic. When I use one ingress interface and one egress interface, the interface input overrun counter is zero. When I use the same traffic with 3 ingress interfaces (slot0) and 3 egress interfaces (slot1), the interface input overrun counter increases (60k overruns in only 2 minutes).
Our ASA 5510 is running 8.0(5). We recently upgraded the license from base to security plus. By doing so the capacity of the external ports Ethernet0/0 and Ethernet0/1 should increase from the original FE to GE. But we were still seeing 100 Mbps on our Ethernet0/0 interface. We figured out that the provider switch only supports 100 Mbps, which is a bottleneck for us. The provider will be upgrading their switches to 1 Gb switches.
We will have to swap the switch connections now from the 100 Mbps to the 1 Gb switch. What commands should we familiarize ourselves with? This will be done in our maintenance window, though. All the translations/connections will be dropped in our production environment, so we are kind of scared.
I am connecting the inside interface to an upstream switch and therefore will need to assign a static IP address to the inside address as I did below:
#sho int ip brief
Vlan1 123.123.123.123 YES manual up up
I will also use this to manage the ASA. I am having a problem with the network configuration of the inside interface as I can't ping the gateway and/or the in IP of the inside interface. Do I need to add any routes?
I have been making an effort to solve frequent input errors on a module interface (WS-X4548-GB-RJ45) in our backbone switch (Cat4506). Let me show you the show interface information. The Rx-No-pkt-buff value increases continuously even though the traffic rate of the interfaces is lower than 20Mbps. We have two backbone switches which are operated in HA via HSRP. What brings buffer shortage to our network? [code]
I have a pair of 5505s in transparent mode and connected them to a C2960S. The inside interface (which is VLAN5 on the switchport) keeps dropping, going into error state. There is no log reference in the switch and the interface shows as UP. The standby ASA has no problem, both interfaces on the switch are up. As soon as I fail the units over, the active node's inside interface drops.
I am looking at the interface stats of port Fa1/0/2 and see something strange. Output drops are 42 billion in 16 mins, then 21249 a few seconds later, then followed by 42 billion drops again, then 21444... and so forth. I keep getting an entirely different output drops reading every time I refresh, within seconds of each refresh!
sh int fa1/0/2
FastEthernet1/0/2 is up, line protocol is up (connected)
  Hardware is Fast Ethernet, address is ecc8.8266.d604 (bia ecc8.8266.d604)
  Description: MSGMERGF1
  MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec,
     reliability 255/255, txload 12/255, rxload 11/255
One of my Wi-Fi sites has 2 Cisco 2950 switches. In that network there are also some D-Link unmanageable switches, and access points are connected to both the Cisco switches and the D-Link switches. After one or two days I am not able to connect to the Wi-Fi; I then need to restart the access point, and only then is the Wi-Fi working fine. I also upgraded to the latest IOS. I connected some access points to the Cisco switch ports, and those ports are showing CRC error messages like below. [code]
I am switching a switch connecting to the ASA5550 tomorrow. My current switch is using fiber connecting to the ASA. The new one only supports copper. If I switch from fiber to copper on the ASA (change media-type command on the interface), will it cause downtime? I have a VPN tunnel on the ASA and don't want the session to reset.
I have an AIR-AP1121G-A-K9 running c1100-k9w7-tar.123-7.JA2 (Autonomous). We have monitoring set up with Orion NPM and we consistently see output errors, transmit discards and big buffer errors. The users at the site have not reported any issues, but I was wondering how to prevent these, or are these normal? What causes the output errors on the wireless radio? How do I troubleshoot further?
Radio0-802.11G Total Output Errors 0 47749 Small Buffer Misses 4 misses 139 misses
I have two 3560G 24 port switches. Each of them connects to some 3560G or 2950 switches. Trunks between 3560G are set as 1000/full. Trunks between 3560G and 2950 are set as 100/full. show int status also shows the interface negotiation is 100/full for trunks between 3560G and 2950. The issue is I keep getting outdiscard errors in trunks between 3560G and 2950. At the 2950 switches, I see Recv-errors too. I checked all the trunks' traffic. It is not high at all. Only several Mbps. Most of the time even lower than 1 Mbps.
I googled this kind of issue online. I see it could possibly be caused by high volume traffic higher than the capacity. But it appears the traffic there is not high enough to cause this kind of issue. Is there any possibility that could cause this problem?
The below is 3560G trunk configuration for 2950 switch
interface GigabitEthernet0/10
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1-122,124-4094
 switchport mode trunk
 speed 100
 duplex full
 srr-queue bandwidth share 10 10 60 20
 queue-set 2
 priority-queue out
 mls qos trust cos
 auto qos voip trust
The trunk configuration at 2950 switch:
interface FastEthernet0/24
 switchport trunk allowed vlan 1-122,124-4094
 speed 100
 duplex full
I am having problems with the Cisco VPN Client software version 5.0.07.0290 installed on a Windows 7 x64 client. When attempting to connect through the VPN client I am being prompted with the following error: [code]
The client did not match the firewall policy configured on the central site VPN device. Cisco Systems Integrated Client Firewall should be enabled or installed on your computer.
The backend infrastructure used is a Cisco VPN 3000 Concentrator which has a Cisco PIX 525 Firewall. When the firewall is disabled, the connection is made with no errors. But obviously, this is not good practice. The problem seems to lie with the local client firewall?
3560--------------------------2960 connects via single mode Fiber and now will have another redundant Link between 3560 and 2960 with Ethernet interface ( Wireless). 3560------------trunk config---------2960 < Fiber Link >
What config do I need on the Ethernet interface on the 3560 and 2960? What config is needed to always have fiber as the primary connection and wireless as backup?
- almost all other online applications work just fine (including voice over IP and games)
What I've tried (without any success):
1.) I could connect in either case using my old laptop! Thus it works on a different computer, from the same network, at the same/similar time. Thus I concluded it must be somehow related to this laptop (it's a new laptop).
2.) The TS2 server & entered information is 100% working, same applies to torchlight2 - also latest updates installed and of course the game is totally legal.
3.) Windows firewall: all the mentioned programs are on the allowed list. Also checked whether it's correctly set to "home network". Furthermore I also tried disabling the Windows firewall entirely.
4.) No other firewall program in use.
5.) Checked all programs I know of which might be related to network traffic (e.g. Qualcomm Atheros Killer Network Manager - disabled it).
6.) Tried both, wireless and ethernet cable connection.
7.) I even tried running the game, torchlight 2, via Tunngle (explained in a layman's words: a program that simulates Lan over the internet).
Some information about my system: It's a new laptop. The network card is labeled as "Killer e2200 PCI-E Gigabit Ethernet Controller". It runs Windows 7 and did start out empty, i.e. I installed every single program running on the machine and as far as I know none of them should have anything to do with the network. The virus scanner is the latest version of AVG Free (no firewall included).
I just added a new 5510 failover unit to an existing 5510, and when connecting my new outside interface on an Active/Standby firewall pair, I get error messages (red x) on each port scan (monitor & syslog) although the error messages indicate all ports are good... Additionally, the firewalls flip between active and standby nonstop. I remove the new standby unit's outside interface from a shared switch and everything clears up.
How can I add two data VLANs on a Cisco 2960 on one interface? I have 3 MAC addresses on one interface: one PC, one IP phone and one XP virtual machine (VM). The PC and VM are in one data VLAN and the phone is in the voice VLAN. I need to place the VM in another data VLAN. Is it possible? If so, could you give me a link or place the information here.
At one of my sites, I have a 100mbit TLS. For this connection to work properly, the port on my end needs to be set up for 100mbit, full duplex. When I connect the TLS to an interface on my Cisco 2821, configured at 100/full, it works perfectly. Now the confusing part: I'm trying to connect the TLS to a Catalyst 2960. I configure the necessary port for 100/full, and get 'notconnect' on that interface. I set the interface to auto/auto, and it negotiates at 100/half and causes collisions and packet loss.
I have two Catalyst 2960 Series (48 port) switches with the newest Cisco IOS installed. There is also a Cisco 2600 Series Router which I can't manage because it's ISP managed.
Now the problem is as follows. I'd like to create two VLANs, one in the IP range 192.168.0.xxx and the other in the 192.168.1.xxx. Now the router has a gateway IP address 192.168.1.1.
Would it be possible to somehow connect these two VLANs with the router so that these 2 VLANs can't see each other but they can of course both contact the router and exit on the internet?
I noticed the "output drops" increasing on interface gi 1/0/1 in my 2960-S switch although the utilization of my interface is between 20% and 50%.
SW__A#sh interfaces gigabitEthernet 1/0/1
GigabitEthernet1/0/1 is up, line protocol is up (connected)
  MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,
     reliability 255/255, txload 93/255, rxload 3/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
I am currently getting a strange error when trying to use any crypto services on our ASA 5520 (8.0.3). Initially I observed that a connected VPN had dropped. Then when I attempted to use ASDM or SSH I was blocked.
In the end I opened telnet as a test and this was successful. Syslog also shows that traffic is passing as normal. The only obvious error I can see when observing various debug traces is this:
FW02#
CTM: rsa session with no priority allocated @ 0xCF1FBBA0
CTM: Session 0xCF1FBBA0 uses a nlite (Nitrox Lite) as its hardware engine
CTM: rsa context allocated for session 0xCF1FBBA0
CTM: rsa session with no priority allocated @ 0xCE7A5EA8
We have a Cisco ASA 5540 running Cisco Adaptive Security Appliance Software Version 8.0(5)23. At a certain time every day we are facing latency and packet drops, and when I checked the ASA interfaces I saw "Input Errors" on the outside interface. Can anyone tell me what causes input errors on a Cisco ASA outside interface?