Problem with 5gt trunk (interface errors)

  • administrators

    I’m getting a very high number of interface errors on the switch that the trust interface of my 5GT is plugged into. The trust interface is trunking 3 different VLAN’s across it. I replaced the cable, changed to a different port on the switch (Cisco 2924) and changed to a different trust interface on the firewall and I’m still getting the errors. Output from the switch is below. This was after clearing the counters about 1 minute previously. There were a bunch of CRC’s before I cleared them also:

    FastEthernet0/21 is up, line protocol is up
    Hardware is Fast Ethernet, address is 0007.eb69.dc55 (bia 0007.eb69.dc55)
    Description: firewall Trust interface
    MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
    reliability 219/255, txload 1/255, rxload 2/255
    Encapsulation ARPA, loopback not set
    Keepalive not set
    Auto-duplex (Full), Auto Speed (100), 100BaseTX/FX
    ARP type: ARPA, ARP Timeout 04:00:00
    Last input never, output 00:00:00, output hang never
    Last clearing of “show interface” counters 00:01:09
    Queueing strategy: fifo
    Output queue 0/40, 0 drops; input queue 0/75, 0 drops
    5 minute input rate 1053000 bits/sec, 126 packets/sec
    5 minute output rate 279000 bits/sec, 125 packets/sec
    16032 packets input, 20085902 bytes
    Received 0 broadcasts, 4564 runts, 0 giants, 0 throttles
    4564 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
    0 watchdog, 0 multicast
    0 input packets with dribble condition detected
    15555 packets output, 4875374 bytes, 0 underruns
    0 output errors, 0 collisions, 0 interface resets
    0 babbles, 0 late collision, 0 deferred
    0 lost carrier, 0 no carrier

    Here are the counters from the 5GT (nothing out of the ordinary):
    ns5gt-> get counter stat inter trust
    Hardware counters for interface trust:
    in bytes 3988993451 | out bytes 3183966324 | early frame 0
    in packets 49503412 | out packets 58225109 | late frame 0
    in no buffer 0 | out no buffer 0 | re-xmt limit 0
    in overrun 0 | out underrun 0 | drop vlan 0
    in coll err 0 | out coll err 0 | out cs lost 0
    in misc err 0 | out misc err 0 |
    in dma err 0 | out bs pak 0 |
    in crc err 0 | out discard 0 |
    in align err 0 | out defer 0 |
    in short frame 0 | out heartbeat 0 |

    Any idea why I would be getting runts and CRC’s on the Cisco side? I did switch the cable and ports, so I doubt it’s a hardware issue with the Cisco or the cable.

    My Untrust interface is on a different vlan on the same switch, and I see no port errors on that one.

  • administrators

    Nope, it’s running in Layer-3 mode. It appears that the 5GT is sending out a ton of runts.

  • hi, just like to ask if you’re in transparent mode config, if yes. you might as well issue this command “set int vlan1 vlan trunk” to allow different vlan tags to pass through on netscreen.