Hi Afroj Ahmad:

I think it is not due with command line. It is the lack of OID information for Cisco ASA5520 to be able discovered by 3rd party Network Management System.

If I am not wrong, the ASA5520 should have been configured correctly for providing SNMP to the 3rd party network management system (NMS) and as such, the NMS is then able to capture the the SYS OID for ASA5520 is 1.3.6.1.4.1.9.1.670 from the ASA5520.

The SNMP configuration is as below:

snmp-server host inside 172.16.0.82 community public version 2c

snmp-server host inside 172.16.8.50 community public version 2c

no snmp-server location

no snmp-server contact

snmp-server community public

snmp-server enable traps snmp authentication linkup linkdown coldstart

snmp-server enable traps syslog

snmp-server enable traps ipsec start stop

snmp-server enable traps entity config-change fru-insert fru-remove

snmp-server enable traps remote-access session-threshold-exceeded

The 3rd party NMS can capture the product OID from ASA5520 after given the ASA IP address to the NMS. It is the LLDP OID that is not included in the product OID to cause the 3rd NMS cannot link up the LAN connction between the ASA and the 3rd party switch. There is no LLDP configuration in ASA command. I believe the LLDP should be provide externally either by key in manually or upload the MIB file to the 3rd party NMS. I have tried also uploading few MIB files but all not succesfully done.

I think the direct method is just key in the LLDP OID inside the 3rd party NMS system so that the 3rd NMS can embed the LLDP information into its operation kernel then the NMS can link up the LAN connection between the Cisco ASA and its switch.

Many thanks!

tangsuan

HI  tangsuan,

Thanks for the details explaination.

LLDP support via SNMP is very minimal or may be not.

Also ASA does not support LLDP-MIB

below is the support MIBS for LLDP:

ftp://ftp.cisco.com/pub/mibs/supportlists/asa/asa-supportlist.html

check this OLD post as well:

https://supportforums.cisco.com/thread/171302

Thanks-

Afroz

[Do rate the useful post]

Hi AFROJ AHMAD:

Thanks to your reply!

I have tried to use the downloaded LLDP MIB file provided from your information by in-corporating it into the 3rd party Network Management System, the Cisco ASA5520 still cannot be automatically linked up with the 3rd party switch.

I would say that the LLDP MIB file downloaded is not provided the proper SNMP LLDP information.

As such, this problem is yet to resolve. I doubt there is a way to resolve.

Is Cisco ASA5500 series development team know something about this and can give some solution or advise on this?

Many thanks!

tangsuan 

Hi tangsuan,

The problem is with the SUPPORT of the LLDP with ASA .

If it is really Imp and a area of concern , I would suggest to open a case so that TAC can contact the Development team to know the status of thsi MIB support.

Thanks-

Afroz

[Do rate the post ,if you find it helpful]

The Cisco ASA software does not support either LLDP or Cisco's CDP. So no matter how you configure or query it, no layer 2 neighbor discovery protocol information will result.

Sent from Cisco Technical Support iPad App

Hi Marvin:

Thanks a lot on your reply!

If in this case of without LLDP and CDP,   even with Cisco LMS, we also cannot see the network link between a ASA firewall and a network device like Cisco Switches or Router, right? Please help to confirm.

Many thanks!

Bset regards,

tangsuan

You're welcome.

You cannot 'see' the link in an LMS topology map - an ASA will always be put into the "unconnected devices" view. You can monitor the link status and performance with the Fault etc. tools in LMS.

Sent from Cisco Technical Support iPad App

Hi Marvin:

Thanks to your reply. Somehow quite disappointed about the ASA feature that it cannot be seen at Network Management System.

best regards,

tangsuan