Solved: Firepower 2110 FTD Interface SNMP monitoring

Robalob · ‎03-05-2019

I'm trying to traffic graph the physical interfaces (Eth1/1 to 1/9) on our 2110s running FTD. Does anybody know what OIDs to use for this?

When I poll using IF-MIB I only get results for internal interfaces:

IF-MIB::ifDescr.1 = STRING: lo
IF-MIB::ifDescr.2 = STRING: dummy0
IF-MIB::ifDescr.3 = STRING: Intel Corporation I211 Gigabit Network Connection
IF-MIB::ifDescr.4 = STRING: Intel Corporation Ethernet Connection X552 10 GbE Backplane
IF-MIB::ifDescr.5 = STRING: Intel Corporation Ethernet Connection X552 10 GbE Backplane
IF-MIB::ifDescr.6 = STRING: tap0
IF-MIB::ifDescr.7 = STRING: tap0.1
IF-MIB::ifDescr.8 = STRING: tap0.1000
IF-MIB::ifDescr.9 = STRING: tap0.2000
IF-MIB::ifDescr.10 = STRING: management0
IF-MIB::ifDescr.11 = STRING: tun1

On my older ASAs this gives me physicals too e.g. Gi0/1, Gi1/1

I found the FXOS MIB set in the Cisco downloads area but am struggling to find how to poll this basic information.

Any help appreciated.

Thanks

Robalob · ‎09-10-2019

To save others the time wasting I had with this. I will share the solution I found.

It seems that my problem was down to me polling the management interface rather than polling an inline interface.

If I instead poll one of the inline interfaces using the same standard IF MIB OIDs I get a completely different list of interfaces. This time it shows what I'ds expect to see. e.g.

IF-MIB::ifDescr.3 = STRING: Adaptive Security Appliance 'diagnostic' interface
IF-MIB::ifDescr.6 = STRING: Adaptive Security Appliance 'Port-channel 1' interface
IF-MIB::ifDescr.7 = STRING: Adaptive Security Appliance 'Port-channel 1 sub' interface
IF-MIB::ifDescr.8 = STRING: Adaptive Security Appliance 'Port-channel 2' interface
IF-MIB::ifDescr.9 = STRING: Adaptive Security Appliance 'Port-channel 1 sub' interface
IF-MIB::ifDescr.10 = STRING: Adaptive Security Appliance 'Ethernet1/3' interface
IF-MIB::ifDescr.11 = STRING: Adaptive Security Appliance 'Ethernet1/4' interface
IF-MIB::ifDescr.12 = STRING: Adaptive Security Appliance 'Ethernet1/5' interface
IF-MIB::ifDescr.13 = STRING: Adaptive Security Appliance 'Ethernet1/6' interface
IF-MIB::ifDescr.14 = STRING: Adaptive Security Appliance 'Ethernet1/9' interface
IF-MIB::ifDescr.15 = STRING: Adaptive Security Appliance 'Ethernet1/10' interface
IF-MIB::ifDescr.16 = STRING: Adaptive Security Appliance 'Ethernet1/11' interface
IF-MIB::ifDescr.17 = STRING: Adaptive Security Appliance 'Ethernet1/12' interface
IF-MIB::ifDescr.18 = STRING: Adaptive Security Appliance 'Ethernet1/13' interface
IF-MIB::ifDescr.19 = STRING: Adaptive Security Appliance 'Ethernet1/14' interface
IF-MIB::ifDescr.20 = STRING: Adaptive Security Appliance 'Ethernet1/15' interface
IF-MIB::ifDescr.21 = STRING: Adaptive Security Appliance 'Ethernet1/16' interface
IF-MIB::ifDescr.23 = STRING: Adaptive Security Appliance 'Tunnel1' interface

For a security device, this seems odd to me but hey, at least I can get what I need for now.

View solution in original post

Ilkin · ‎03-06-2019

Firepower 2100 has own FXOS MIBs that are described in https://www.cisco.com/c/en/us/td/docs/security/firepower/2100/mib/b_FXOS_2100_MIBRef/purpose_of_the_cisco_mibs.html.
You can check CISCO-FIREPOWER-AP-ADAPTOR-MIB and CISCO-FIREPOWER-AP-ETHER-MIB.

Robalob · ‎03-07-2019

Hi,

Thanks yes, I had already found these and have been walking them and taking punts at oids that look hopeful.

However I still seem unable to find anything that will pull information relating to the physical interfaces.

What I am after is equivalents of common IF-MIB OIDs such as ifOperStatus or ifInOctets and ifOutOctets so that I can check port status and create traffic graphs.

Robalob · ‎09-10-2019

To save others the time wasting I had with this. I will share the solution I found.

It seems that my problem was down to me polling the management interface rather than polling an inline interface.

If I instead poll one of the inline interfaces using the same standard IF MIB OIDs I get a completely different list of interfaces. This time it shows what I'ds expect to see. e.g.

IF-MIB::ifDescr.3 = STRING: Adaptive Security Appliance 'diagnostic' interface
IF-MIB::ifDescr.6 = STRING: Adaptive Security Appliance 'Port-channel 1' interface
IF-MIB::ifDescr.7 = STRING: Adaptive Security Appliance 'Port-channel 1 sub' interface
IF-MIB::ifDescr.8 = STRING: Adaptive Security Appliance 'Port-channel 2' interface
IF-MIB::ifDescr.9 = STRING: Adaptive Security Appliance 'Port-channel 1 sub' interface
IF-MIB::ifDescr.10 = STRING: Adaptive Security Appliance 'Ethernet1/3' interface
IF-MIB::ifDescr.11 = STRING: Adaptive Security Appliance 'Ethernet1/4' interface
IF-MIB::ifDescr.12 = STRING: Adaptive Security Appliance 'Ethernet1/5' interface
IF-MIB::ifDescr.13 = STRING: Adaptive Security Appliance 'Ethernet1/6' interface
IF-MIB::ifDescr.14 = STRING: Adaptive Security Appliance 'Ethernet1/9' interface
IF-MIB::ifDescr.15 = STRING: Adaptive Security Appliance 'Ethernet1/10' interface
IF-MIB::ifDescr.16 = STRING: Adaptive Security Appliance 'Ethernet1/11' interface
IF-MIB::ifDescr.17 = STRING: Adaptive Security Appliance 'Ethernet1/12' interface
IF-MIB::ifDescr.18 = STRING: Adaptive Security Appliance 'Ethernet1/13' interface
IF-MIB::ifDescr.19 = STRING: Adaptive Security Appliance 'Ethernet1/14' interface
IF-MIB::ifDescr.20 = STRING: Adaptive Security Appliance 'Ethernet1/15' interface
IF-MIB::ifDescr.21 = STRING: Adaptive Security Appliance 'Ethernet1/16' interface
IF-MIB::ifDescr.23 = STRING: Adaptive Security Appliance 'Tunnel1' interface

For a security device, this seems odd to me but hey, at least I can get what I need for now.