Troubleshooting Intermittent Packet Drops on LAN
Presenting Symptom
Users report intermittent packet drops and slow application performance during peak hours, but the network appears stable during off-peak times.
Network Context
A small branch office with 50 users connected to a single Cisco Catalyst 2960 switch (IOS 15.0) acting as the access layer. The switch uplinks to a Cisco 4321 ISR router via a trunk port carrying multiple VLANs. The router connects to the WAN. The problem occurs only during business hours when traffic load is high.
Diagnostic Steps
Check interface utilization and errors
show interfaces GigabitEthernet0/1
GigabitEthernet0/1 is up, line protocol is up
Hardware is Gigabit Ethernet, address is 0011.2233.4455 (bia 0011.2233.4455)
MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 1000Mb/s, media type is 10/100/1000BaseTX
input flow-control is off, output flow-control is unsupported
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 5000 bits/sec, 4 packets/sec
5 minute output rate 2000 bits/sec, 2 packets/sec
12345 packets input, 1234567 bytes
Received 1234 broadcasts (0 multicast)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 0 multicast, 0 pause input
0 input packets with dribble condition detected
12345 packets output, 1234567 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 unknown protocol drops
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 pause output
0 output buffer failures, 0 output buffers swapped out
Look for high input/output rates near the interface bandwidth, output drops, or errors. If output drops are non-zero, it indicates congestion. If errors (CRC, runts) are present, suspect physical layer issues.
Check for output drops on the uplink interface
show interfaces GigabitEthernet0/1 | include output drops
Output queue: 0/40 (size/max); 500 output drops
Non-zero output drops indicate the interface is dropping packets due to congestion. This confirms the problem is buffer exhaustion on the switch uplink.
Check the switch's CPU and memory utilization
show processes cpu sorted | include CPU
CPU utilization for five seconds: 10%/0%; one minute: 8%; five minutes: 7%
High CPU (e.g., >70%) could indicate a control plane issue, but here it's low, ruling out CPU overload.
Check for interface errors on the access ports
show interfaces status | include err-disabled
Port      Name      Status         Vlan   Duplex   Speed   Type
Gi0/2     User-PC   err-disabled   10     auto     auto    10/100/1000BaseTX
If any ports are err-disabled, it indicates a separate issue (e.g., loop, security violation). In this scenario, no err-disabled ports are expected.
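Added example (not part of the original page): a small Python parser that applies the triage rules from the steps above to captured 'show interfaces' text. The sample capture is constructed to model the peak-hour state, the function names are hypothetical, and the 0.8 utilization threshold is an assumption rather than a Cisco default.

```python
import re

# Constructed sample: trimmed 'show interfaces' text with values changed to
# model the peak-hour state (high output rate, 500 output drops).
SAMPLE = """\
GigabitEthernet0/1 is up, line protocol is up
  MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 500
  5 minute input rate 310000000 bits/sec, 41000 packets/sec
  5 minute output rate 940000000 bits/sec, 98000 packets/sec
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
"""

# One regex per counter the diagnostic steps look at.
FIELDS = {
    "bw_kbit": r"BW (\d+) Kbit/sec",
    "output_drops": r"Total output drops: (\d+)",
    "in_bps": r"5 minute input rate (\d+) bits/sec",
    "out_bps": r"5 minute output rate (\d+) bits/sec",
    "runts": r"(\d+) runts",
    "input_errors": r"(\d+) input errors",
    "crc": r"(\d+) CRC",
}

def parse_counters(text):
    """Extract the counters as integers; a field missing from the text becomes 0."""
    counters = {}
    for name, pattern in FIELDS.items():
        match = re.search(pattern, text)
        counters[name] = int(match.group(1)) if match else 0
    return counters

def triage(text, busy_ratio=0.8):
    """Output drops -> congestion; CRC/runts/input errors -> physical layer."""
    c = parse_counters(text)
    findings = []
    if c["output_drops"] > 0:
        findings.append("congestion")
    if c["crc"] or c["runts"] or c["input_errors"]:
        findings.append("physical-layer")
    # busy_ratio is an assumed threshold for "rates near interface bandwidth".
    bw_bps = c["bw_kbit"] * 1000
    if bw_bps and max(c["in_bps"], c["out_bps"]) / bw_bps >= busy_ratio:
        findings.append("near-line-rate")
    return findings

if __name__ == "__main__":
    print(triage(SAMPLE))
```
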
Root Cause
The uplink interface (GigabitEthernet0/1) on the switch is experiencing output drops due to insufficient bandwidth during peak traffic. The switch's default queueing strategy (FIFO) does not prioritize critical traffic, causing packet drops for all traffic types when the link is congested.
Resolution
Verification
Run 'show interfaces GigabitEthernet0/1' again and check that output drops are zero or decreasing. Also run 'show policy-map interface GigabitEthernet0/1' to verify that QoS is active and packets are being classified correctly.
Expected output from 'show policy-map interface GigabitEthernet0/1':
GigabitEthernet0/1
  Service-policy output: QOS-OUT
    Class-map: CRITICAL (match-any)
      0 packets, 0 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: ip dscp ef (46)
        0 packets, 0 bytes
        5 minute rate 0 bps
      Match: ip dscp af41 (34)
        0 packets, 0 bytes
        5 minute rate 0 bps
      queue limit 128 packets
      (queue depth/total drops/no-buffer drops) 0/0/0
      (pkts output/bytes output) 0/0
    Class-map: class-default (match-any)
      0 packets, 0 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: any
      queue limit 64 packets
      (queue depth/total drops/no-buffer drops) 0/0/0
      (pkts output/bytes output) 0/0
Prevention
1. Perform capacity planning to ensure uplink bandwidth is sufficient for peak traffic.
2. Implement QoS on all switch uplinks to prioritize critical traffic and prevent congestion drops.
3. Use switchport buffers and consider upgrading to higher-speed interfaces (e.g., 10G) if congestion persists.
CCNA Exam Relevance
On the CCNA 200-301 exam, this scenario tests understanding of QoS concepts, interface output drops, and troubleshooting congestion. Expect multiple-choice questions asking to identify the cause of packet drops (e.g., output drops vs. input errors) or the correct QoS configuration to prioritize traffic. The key fact is that output drops indicate congestion and can be mitigated with QoS.
Exam Tips
Remember that output drops on an interface indicate congestion; input errors (CRC, runts) indicate physical layer issues.
Know that the default queueing strategy on Cisco switches is FIFO, which does not prioritize traffic.
Be able to interpret 'show interfaces' output: look for 'output drops' and 'queue depth' to identify congestion.
Commands Used in This Scenario
policy-map [name]
Creates or modifies a QoS policy-map that defines a set of class-maps and associated actions (e.g., bandwidth, priority, drop) to apply to traffic on Cisco IOS routers.
show interfaces
Displays detailed status and statistics for all interfaces or a specific interface, used to verify interface operational state, errors, and performance.
show policy-map interface
Displays the current QoS policy applied to an interface, including per-class statistics such as packets matched, bytes, and actions taken, used to verify and troubleshoot QoS configurations.