Cisco Catalyst 3750 connected to Cisco ASA 5505 and dropping packets

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Posted by Bo102010 on Server Fault See other posts from Server Fault or by Bo102010
Published on 2011-07-27T22:51:37Z Indexed on 2014/06/10 3:29 UTC
Read the original article Hit count: 459

Filed under:
|
|

(Cross posted from Super User per suggestion there)

At the office, I have inherited a network that I am still trying to fully comprehend. I have a problem today with a new connection between:

  • A port on a Cisco Catalyst 3750 [WS-C3750G-48TS-S running C3750-IPSERVICESK9-M version 12.2(53)SE1]
  • A port on a Cisco ASA 5505 [ASA Software version 8.3(2)]

The 3750 is home to a Vlan that has a few ports assigned to it.

interface Vlan3
 description Internal network (172.18.160.0/24)
 ip address 172.18.160.1 255.255.255.0

I have a host (outside of my control) that needs to be in this VLAN (i.e it must have an address 172.18.160.something/24) that also needs to access the Internet.

To accomplish this, I ran a link from the Catalyst (Gi1/0/13) to the ASA (Ethernet 0/5). I configured the Catalyst port like so:

interface GigabitEthernet1/0/13
 description To ASA, 172.18.160.69
 switchport access vlan 3
 switchport mode access
 speed 100
 duplex full

I configured the ASA like so:

interface Vlan1
 nameif inside
 security-level 100
 ip address 172.18.160.69 255.255.255.0

interface Ethernet0/5
 speed 100
 duplex full

Then I plugged the host into Ethernet 0/4 on the ASA and instructed its owner to make its default gateway 172.18.160.69. I made a NAT rule in the ASA and set up some rules, and it's able to access the Internet without issue.

However, I noticed that the Catalyst reports a ton of packets being dropped toward the ASA.

Catalyst3750#show interfaces GigabitEthernet 1/0/13 | include counters|drops
  Last clearing of "show interface" counters 00:28:13
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 136909347

This is a huge number of drops, since there's not much traffic on this VLAN at all.

I tried these things:

  • Make sure speed and duplex agree on both sides (100 Mbps / Full)
  • Set no cdp enable on the Catalyst Gi10/13
  • Set no keepalive on the Catalyst Gi10/13
  • Checked for excessive CPU usage on both
  • Checked for excessive traffic on both

Am I missing something? Any help would be appreciated.

© Server Fault or respective owner

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Related posts about firewall

Related posts about cisco

Categories cloud

.NET ASP.NET iphone linux python Windows mysql android sql windows-7 html c ruby-on-rails css objective-c ubuntu networking sql-server wpf asp.net-mvc ruby database Xml apache AJAX osx security regex django Performance 12.04 windows-xp mac web-development iphone-sdk vb.net Silverlight apache2 flash server perl best-practices email installation eclipse visual-studio algorithm windows-server-2008 winforms wcf firefox bash dns /Oracle