Guest

Preview Tool

Cisco Bug: CSCvu94846 - When enabling inline tap mode you may experience between 20-50% performance reduction

Last Modified

Aug 22, 2020

Products (1)

  • Cisco ASA 5500-X Series Firewalls

Known Affected Releases

9.12(2.18)

Description (partial)

Symptom:
Performance reduced by between %20 and %50 following enabling TAP mode on a Firepower Threat Defense Inline-set

Conditions:
Firepower Threat Defense with inline set that has TAP mode enabled.

You can determine if you have TAP mode enabled on the inline set by running the following command:

ciscoasa# show inline-set

Inline-set inline
  Mtu is 1500 bytes
  Fail-open for snort down is on
  Fail-open for snort busy is off
  Tap mode is on
  Propagate-link-state option is off
  hardware-bypass mode is disabled
  Interface-Pair[1]:
    Interface: GigabitEthernet0/0 "inside"
      Current-Status: DOWN
    Interface: GigabitEthernet0/1 "outside"
      Current-Status: UP
    Bridge Group ID: 0


If the `Tap mode is on` is in the output as above, then TAP mode is enabled.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.