Just got a 50/50 fiber circuit which is terminated by a 4430 (owned by the ISP).
When I connect a computer directly to the 4430 speed tests are 50/50.
When I connect our firewall (ASA 5505) to the 4430 I only get 30/50 running the same speed tests.
Research found two threads which seem to present a similar issue:
Here is the output from the 4430 "show interfaces" command:
giga-eth 0/2 is UP, line protocol is UP
Description: => Direct connection to LAN
Hardware address is 00:A0:C8:D9:B5:8A
Ip address is 22.214.171.124, netmask is 255.255.255.240
IP MTU is 1500 bytes, BW is 100000 Kbit
100Mb/s, negotiated full-duplex, configured full-duplex
ARP type: ARPA; ARP timeout is 20 minutes
Last clearing of "show interface" counters: never
5 minute input rate 842664 bits/sec, 650 packets/sec
5 minute output rate 5671856 bits/sec, 717 packets/sec
Queueing method: fifo
Output queue: 0/256/0 (size/max total/drops)
Interface Shaper: NOT ENABLED
27198769 packets input, 447923857 bytes
27197810 unicasts, 959 broadcasts, 0 multicasts input
0 unknown protocol, 0 symbol errors, 0 discards
0 input errors, 0 runts, 0 giants
0 no buffer, 0 overruns, 0 internal receive errors
0 alignment errors, 0 crc errors
27822433 packets output, 3289731067 bytes
27787768 unicasts, 27141 broadcasts, 7524 multicasts output
0 output errors, 0 deferred, 0 discards
0 single, 0 multiple, 0 late collisions
0 excessive collisions, 0 underruns
0 internal transmit errors, 0 carrier sense errors
0 resets, 0 throttles
I followed post:
1. I used many different speed test websites and all showed the same 30/50
2. As state above..connecting a computer directly to the 4430 gives me 50/50 everytime
3. I have confirmed with the ISP that FFE is enabled on the interface listed in the output above
4. There are no errors in the output above
5. Ports are negotiated with the proper speed and duplex on both the 4430 and the 5505
6. I have confirmed with the ISP that LLDP is disabled for the above interface
At this point if you are thinking the 5505 is misconfigured, let me explain why I do not think the issue is the 5505.
1. If I have the 5505 failover to our backup ISP, then my speed tests are 50/10 (which is exactly what it should be)
2. To further rule out the 5505, I connected a spare PIX 501 to the 4430 and again my speed tests show 30/50 (same as the 5505)
What could be the issue with the combination of the Adtran router and the Cisco Firewalls?
I plan to try the following:
1. Statically set speed/duplex on both interfaces to 100/full
2. The ISP tech support suggested I try a crossover cable to connect the 4430 to the 5505
I do not think either of these will make a difference, but I am willing to try.
Please advise on any other suggestions.
Thanks in advance.