Packet dropped counter in the show interface command output

Available Languages

Download Options

  • PDF     (6.9 KB)
    View with Adobe Reader on a variety of devices
  • ePub     (69.5 KB)
    View in various apps on iPhone, iPad, Android, Sony Reader, or Windows Phone
  • Mobi (Kindle)     (67.5 KB)
    View on Kindle device or Kindle app on multiple devices
Updated:August 31, 2012
Document ID:113680

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Introduction

This document provides information why the packets dropped counter in the show interface command output increases.

Refer to Cisco Technical Tips Conventions for more information on document conventions.

Q. I see the packets dropped counter in the show interface command output increasing. How do I troubleshoot what causes this counter to increment?

A. The packets dropped counter in the show interface command output from the Adaptive Security Appliance (ASA) represents all dropped packets on the interface. This counter includes all security related packet drops. It is expected that this counter will always increment on a production ASA. Again, it is normal and expected for the packet dropped counter to increase on a regular basis. 

ciscoasa(config)# show interface ethernet 0/0
Interface Ethernet0/0 "outside", is up, line protocol is up
  Hardware is i82546GB rev03, BW 100 Mbps, DLY 100 usec
    Auto-Duplex(Full-duplex), Auto-Speed(100 Mbps)
    Input flow control is unsupported, output flow control is off
    MAC address 001b.d454.c092, MTU 1500
    IP address 10.36.109.93, subnet mask 255.255.0.0
    23990802 packets input, 1619288894 bytes, 0 no buffer
    Received 22034675 broadcasts, 0 runts, 0 giants
    0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
    0 pause input, 0 resume input
    58006 L2 decode drops
    912400 packets output, 58393600 bytes, 0 underruns
    0 pause output, 0 resume output
    0 output errors, 0 collisions, 25 interface resets
    0 late collisions, 0 deferred
    40 input reset drops, 0 output reset drops, 0 tx hangs
    input queue (blocks free curr/low): hardware (255/241)
    output queue (blocks free curr/low): hardware (255/253)
  Traffic Statistics for "outside":
    23932752 packets input, 1184782039 bytes
    912408 packets output, 25547424 bytes
    1785822 packets dropped
      1 minute input rate 8 pkts/sec,  429 bytes/sec
      1 minute output rate 0 pkts/sec,  7 bytes/sec
      1 minute drop rate, 0 pkts/sec
      5 minute input rate 8 pkts/sec,  395 bytes/sec
      5 minute output rate 0 pkts/sec,  7 bytes/sec
      5 minute drop rate, 0 pkts/sec
ciscoasa(config)#

You can use the show asp drop command to see more specific reasons for these packet drops. Do not confuse the packets dropped counter with the interface error counters. Any input or output errors are the result of dropped packets due to utilization.

Related Information

Revision History

Revision Publish Date Comments
1.0
31-Aug-2012
Initial Release
TAC Authored

Contributed by Cisco Engineers

  • Brendan Quinn
    Cisco TAC Engineer.

Was this Document Helpful?

FeedbackFeedback

Contact Cisco

This Document Applies to These Products