A Lot of Packets to the Internet Are Lost Due to an Interface Negotiation Problem

Publication Date: 2012-07-17
Issue Description
The USG5000 is connected to a switch of vendor C for a test at an office site. The test discovers that 30% of packets to the Internet are lost.

Alarm Information
Handling Process

1. Ping the firewall. The result indicates that a lot of packets are lost. Ping the switch. No packet loss is detected.

2. Check for packet loss on the firewall. No packet loss occurs on the firewall.

3. Check the configured policies. No problem is found. Delete all policies. A lot of packets are still lost. Therefore, the problem is unlikely to be related to policies.

4. Check whether the packets are lost between the firewall and the switch. Log in to the C3500 and find that the state of the C3500 interface connecting to the firewall changes between up and down repeatedly.

5. The C3500 is an old device of an early version, so the problem may be caused by interface negotiation.

6. Adjust the negotiation modes of the two interfaces. The negotiation succeeds only when the C3500 interface is in mandatory Gigabit full-duplex mode and the USG5000 interface is in adaptive mode.
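
To confirm the flapping seen in step 4 from collected logs rather than by watching the interface, the following added example (not part of the original case) counts link-state transitions per interface inside a sliding time window. The log line layout, interface names, window and threshold are constructed assumptions; adapt the regular expression to the switch's actual log format.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log; the line layout is an assumption, not a real device format.
SAMPLE_LOG = """\
2012-07-10 09:00:00 IF_STATE interface=Gi0/2 state=down
2012-07-10 09:00:05 IF_STATE interface=Gi0/2 state=up
2012-07-10 10:00:01 IF_STATE interface=Gi0/1 state=down
2012-07-10 10:00:04 IF_STATE interface=Gi0/1 state=up
2012-07-10 10:00:10 LOGIN user=admin result=ok
2012-07-10 10:00:30 IF_STATE interface=Gi0/1 state=down
2012-07-10 10:00:33 IF_STATE interface=Gi0/1 state=up
2012-07-10 10:01:10 IF_STATE interface=Gi0/1 state=down
2012-07-10 10:01:12 IF_STATE interface=Gi0/1 state=up
"""
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) IF_STATE "
    r"interface=(?P<ifname>\S+) state=(?P<state>up|down)$"
)

def parse_events(text):
    """Yield (timestamp, interface, state) for each link-state line; skip other lines."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield (datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"), m["ifname"], m["state"])

def find_flapping(text, window=timedelta(minutes=5), threshold=4):
    """Return {interface: most transitions seen in any window} when >= threshold."""
    changes = defaultdict(list)   # interface -> timestamps of real state changes
    last_state = {}
    for ts, ifname, state in sorted(parse_events(text)):
        # The first event per interface is a baseline; repeated states are ignored.
        if last_state.get(ifname) not in (None, state):
            changes[ifname].append(ts)
        last_state[ifname] = state
    flapping = {}
    for ifname, times in changes.items():
        start, worst = 0, 0
        for end, ts in enumerate(times):
            while ts - times[start] > window:   # shrink window from the left
                start += 1
            worst = max(worst, end - start + 1)
        if worst >= threshold:
            flapping[ifname] = worst
    return flapping

if __name__ == "__main__":
    print(find_flapping(SAMPLE_LOG))
```

An interface that bounces once during a planned change stays below the threshold, while a port renegotiating every few seconds is reported with its peak transition count.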

Root Cause

1. The firewall discards packets.

2. The policy configuration is improper.

Generally, when you connect two devices, you need to set the two connected interfaces to the same negotiation mode. However, in some special cases, the two connected devices can communicate normally only when the connected interfaces are set to different negotiation modes.