Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2613
Views
0
Helpful
6
Replies

snmp alarm "Interface 0" always shows down

Go to solution
morgan.brownlie
Level 1
Level 1

‎09-15-2011 02:23 AM

Hi,

One of our snmp monitoring applications keeps throwing up these interface down messages on various devices, the most recent being

on a ASA box, the specific error or interface down staement is :-

Adaptive Security Appliance "0" Interface - Down

Interface0.jpg

I'm not sure if this is specific to ASA type devices or not, but its causing some problems on our monitoring desk, as they see it as a pucka interface thats went down and red alarms that need some attention.

I guess the question is, what is "Interface 0" ? what does it relate to + lastly are these important alarms that we should know about or should we be trying to filter out these alarms.

Any help would be much appreciated.

Thanks.

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
ameya_oke
Level 1
Level 1
In response to morgan.brownlie

‎09-15-2011 04:21 AM

Hi Morgan,

Interface is actually down on your ASA as per your logs.

It is not a false alert.

Explanation:

1. From snmpwalk output

     a. INterface 0 ifdescrip value is 2.

         interfaces.ifTable.ifEntry.ifDescr.2 : DISPLAY STRING- (ascii):  Adaptive Security Appliance '0' interface

http://www.oidview.com/mibs/0/IF-MIB.html

     b. interfaces.ifTable.ifEntry.ifOperStatus.2 : INTEGER: down

         Please find below link for more details (Check Values row)

http://tools.cisco.com/Support/SNMP/do/BrowseOID.do?objectInput=1.3.6.1.2.1.2.2.1.8&translate=Translate&submitValue=SUBMIT&submitClicked=true

Ameya

View solution in original post

0 Helpful

Go to solution
luijimen
Cisco Employee
Cisco Employee
In response to morgan.brownlie

‎09-15-2011 03:53 PM

Hi Morgan,

This is actually expected and cannot be disabled. The Interface0 is used for internal communications only and will always be shown as shutdown.

Since every interface, physical or logical, must be identified via SNMP also, it will always generate LinkDown alerts from SNMP monitoring tools.

The only available workarounds for this are:

1) Disregard the alerts/ Disable the monitoring of that interface in your monitoring tool.

2) Create an SNMP View to block the access to this interface's data.

Hope this helps.

Luis

View solution in original post

0 Helpful
6 Replies 6

Go to solution
ameya_oke
Level 1
Level 1

‎09-15-2011 02:54 AM

Hi Morgan,

1.Obtailn snmpwalk data for ASA host.

2. You will get ifdescrp values of each interface available in ASA.

3. Say for interface 0 ifdescrip value is 7(in your output it is 2), use this value while configuring snmp host in your         monitoring GUI.

Please share snmpwalk response.

Ameya

0 Helpful

Go to solution
morgan.brownlie
Level 1
Level 1
In response to ameya_oke

‎09-15-2011 03:30 AM

Hi There,

snmpwalk response attached as text file.

Thanks.

113694-snmpwalk.txt.zip
0 Helpful

Go to solution
ameya_oke
Level 1
Level 1
In response to morgan.brownlie

‎09-15-2011 04:21 AM

Hi Morgan,

Interface is actually down on your ASA as per your logs.

It is not a false alert.

Explanation:

1. From snmpwalk output

     a. INterface 0 ifdescrip value is 2.

         interfaces.ifTable.ifEntry.ifDescr.2 : DISPLAY STRING- (ascii):  Adaptive Security Appliance '0' interface

http://www.oidview.com/mibs/0/IF-MIB.html

     b. interfaces.ifTable.ifEntry.ifOperStatus.2 : INTEGER: down

         Please find below link for more details (Check Values row)

http://tools.cisco.com/Support/SNMP/do/BrowseOID.do?objectInput=1.3.6.1.2.1.2.2.1.8&translate=Translate&submitValue=SUBMIT&submitClicked=true

Ameya

0 Helpful

Go to solution
luijimen
Cisco Employee
Cisco Employee
In response to morgan.brownlie

‎09-15-2011 03:53 PM

Hi Morgan,

This is actually expected and cannot be disabled. The Interface0 is used for internal communications only and will always be shown as shutdown.

Since every interface, physical or logical, must be identified via SNMP also, it will always generate LinkDown alerts from SNMP monitoring tools.

The only available workarounds for this are:

1) Disregard the alerts/ Disable the monitoring of that interface in your monitoring tool.

2) Create an SNMP View to block the access to this interface's data.

Hope this helps.

Luis

0 Helpful

Go to solution
ameya_oke
Level 1
Level 1
In response to luijimen

‎09-15-2011 08:42 PM

Hey Morgan,

Disregarding the alert is a viable workaround, you may even go about disabling the alert(so that a down status is not shown even if it is down)

Please rate if helpful.

Ameya

0 Helpful

Go to solution
morgan.brownlie
Level 1
Level 1
In response to ameya_oke

‎09-16-2011 02:05 AM

Guys,

Many thanks for all the helpfull replies, this has answered my question :-) I can now go back to our firewall people and explain about Interface 0 etc.

Thanks again.

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card