High receive discards on Sub-Interfaces in Cisco ASA.

Sundeep Dsouza
Level 1

Hello Everyone,

Over the past few weeks Solarwinds is reporting high receive discards on two of our subinterfaces created on Cisco ASA. No errors are observed on other subinterfaces. I checked the trunk port interface on the switch for any errors but found none. These errors are visible only under subinterface. What could be the issue?

Regards

8 Replies

brquinn
Level 1

What model ASA and what version? What OID is Solarwinds tracking? What counter in the 'show interface' output does it correlate to?

Thanks,

Brendan

Hi,

Cisco ASA version 7.2(4).

Solarwinds is automatically monitoring the interface through the List Resources option. I don't see an option in Solarwinds to view what OID it is using to monitor the interface.

Interface Ethernet0/2.1 "Branch1", is up, line protocol is up
        VLAN identifier 10
        Description: branch1
        IP address x.x.x.x, subnet mask 255.255.255.0
  Traffic Statistics for "Branch1":
        341725769 packets input, 134155249640 bytes
        289935110 packets output, 24372589486 bytes
        9386735 packets dropped

Thanks.

I am having the exact same problem.

What ASA version are you using? If you are using the same version as mine, then probably it could be a bug.

Regards

I doubt it is a bug. Solarwinds is probably just monitoring the wrong counter. The "packets dropped" counter in the 'show interface' command output represents all security related packet drops on the interface regardless of reason. This could include ACL drops, mac-addr misses, packets without an existing connection, etc.

The counters you should be concerned with are the interface input/output error counters. These will only be valid on PHYSICAL interfaces. If you are monitoring a vlan interface, you should not see the interface error counters increase.

Also note that all the interface counters you see when monitoring via SNMP should match up to some counter in the 'show interface' output. If your 'show interface | inc Int|error' command output does not show any input or output errors on your interfaces, but Solarwinds does... then it is not monitoring the correct counter.

Thanks,

Brendan

You are right Brquinn, show interface | inc int|error does not show any errors/discards on our Cisco ASA, so Solarwinds information is not correct.

The interface is monitored by Solarwinds using the List Resources option. This option lists all the interfaces on the device, from which you can select what you want to monitor. So how can I figure out the issue within Solarwinds?

Regards

I have the same problem too.

I have a Cisco ASA 5515 with the following version:

Cisco Adaptive Security Appliance Software Version 9.1(4)

My interface configuration is as follows:

PortChannel5 made with Interface GigabitEthernet 0/2 + Interface GigabitEthernet 0/3

Subinterfaces in PortChannel5

Nagios graphs show:

- many input discards in virtual subinterfaces

- many output discards in interface Gi0/2 and Gi0/3

- PortChannel5 output discards is the sum of discards in interface Gi0/2 and Gi0/3


If I run the snmpwalk command against the ASA, the following results are obtained:

Interface description

[user@FIREWALL01 ~]$ snmpwalk -v 2c -c XXXXXXX 10.255.16.1 | grep ifDescr
IF-MIB::ifDescr.2 = STRING: Adaptive Security Appliance 'asa_mgmt_plane' interface
IF-MIB::ifDescr.3 = STRING: Adaptive Security Appliance 'Internet' interface
IF-MIB::ifDescr.4 = STRING: Adaptive Security Appliance 'LAN_MPLS' interface
IF-MIB::ifDescr.5 = STRING: Adaptive Security Appliance 'GigabitEthernet0/2' interface
IF-MIB::ifDescr.6 = STRING: Adaptive Security Appliance 'GigabitEthernet0/3' interface
IF-MIB::ifDescr.7 = STRING: Adaptive Security Appliance 'stateifha' interface
IF-MIB::ifDescr.8 = STRING: Adaptive Security Appliance 'statelink' interface
IF-MIB::ifDescr.9 = STRING: Adaptive Security Appliance 'Internal-Data0/1' interface
IF-MIB::ifDescr.10 = STRING: Adaptive Security Appliance 'cplane' interface
IF-MIB::ifDescr.11 = STRING: Adaptive Security Appliance 'mgmt_plane_int_tap' interface
IF-MIB::ifDescr.12 = STRING: Adaptive Security Appliance 'management' interface
IF-MIB::ifDescr.13 = STRING: Adaptive Security Appliance 'Virtual254' interface
IF-MIB::ifDescr.14 = STRING: Adaptive Security Appliance 'Port-channel5' interface
IF-MIB::ifDescr.15 = STRING: Adaptive Security Appliance 'VLAN_USGLB_OOB' interface
IF-MIB::ifDescr.16 = STRING: Adaptive Security Appliance 'VLAN_USGLBHSTHYP_MGNT' interface
IF-MIB::ifDescr.17 = STRING: Adaptive Security Appliance 'VLAN_USGLBVRM_OM' interface
IF-MIB::ifDescr.18 = STRING: Adaptive Security Appliance 'VLAN_USGLBVRM_MGNTOM' interface
IF-MIB::ifDescr.19 = STRING: Adaptive Security Appliance 'VLAN_USGLBVRM_MGNT' interface
IF-MIB::ifDescr.20 = STRING: Adaptive Security Appliance 'VLAN_USGLBVRM_SRVF' interface
IF-MIB::ifDescr.21 = STRING: Adaptive Security Appliance 'VLAN_USGLBVRM_SRVB' interface
IF-MIB::ifDescr.22 = STRING: Adaptive Security Appliance 'VLAN_USGLB_DMZ' interface

Input discards

[user@FIREWALL01 ~]$ snmpwalk -v 2c -c xxxxxxxxxx 10.255.16.1 | grep ifInDiscards
IF-MIB::ifInDiscards.2 = Counter32: 0
IF-MIB::ifInDiscards.3 = Counter32: 0
IF-MIB::ifInDiscards.4 = Counter32: 0
IF-MIB::ifInDiscards.5 = Counter32: 0
IF-MIB::ifInDiscards.6 = Counter32: 0
IF-MIB::ifInDiscards.7 = Counter32: 0
IF-MIB::ifInDiscards.8 = Counter32: 0
IF-MIB::ifInDiscards.9 = Counter32: 0
IF-MIB::ifInDiscards.10 = Counter32: 0
IF-MIB::ifInDiscards.11 = Counter32: 0
IF-MIB::ifInDiscards.12 = Counter32: 0
IF-MIB::ifInDiscards.13 = Counter32: 0
IF-MIB::ifInDiscards.14 = Counter32: 0
IF-MIB::ifInDiscards.15 = Counter32: 12481926
IF-MIB::ifInDiscards.16 = Counter32: 9927941
IF-MIB::ifInDiscards.17 = Counter32: 134120211
IF-MIB::ifInDiscards.18 = Counter32: 124695686
IF-MIB::ifInDiscards.19 = Counter32: 27081148
IF-MIB::ifInDiscards.20 = Counter32: 2941537222
IF-MIB::ifInDiscards.21 = Counter32: 32714719
IF-MIB::ifInDiscards.22 = Counter32: 4008856

Output discards

[user@FIREWALL01 ~]$ snmpwalk -v 2c -c xxxxxxxxxxxx 10.255.16.1 | grep ifOutDiscards
IF-MIB::ifOutDiscards.2 = Counter32: 0
IF-MIB::ifOutDiscards.3 = Counter32: 0
IF-MIB::ifOutDiscards.4 = Counter32: 0
IF-MIB::ifOutDiscards.5 = Counter32: 3635696
IF-MIB::ifOutDiscards.6 = Counter32: 119099
IF-MIB::ifOutDiscards.7 = Counter32: 0
IF-MIB::ifOutDiscards.8 = Counter32: 0
IF-MIB::ifOutDiscards.9 = Counter32: 0
IF-MIB::ifOutDiscards.10 = Counter32: 0
IF-MIB::ifOutDiscards.11 = Counter32: 0
IF-MIB::ifOutDiscards.12 = Counter32: 0
IF-MIB::ifOutDiscards.13 = Counter32: 0
IF-MIB::ifOutDiscards.14 = Counter32: 3754795
IF-MIB::ifOutDiscards.15 = Counter32: 0
IF-MIB::ifOutDiscards.16 = Counter32: 0
IF-MIB::ifOutDiscards.17 = Counter32: 0
IF-MIB::ifOutDiscards.18 = Counter32: 0
IF-MIB::ifOutDiscards.19 = Counter32: 0
IF-MIB::ifOutDiscards.20 = Counter32: 0
IF-MIB::ifOutDiscards.21 = Counter32: 0
IF-MIB::ifOutDiscards.22 = Counter32: 0

Output discards may be normal, but I don't understand the input discards in the virtual subinterfaces of PortChannel5.

On the other hand, the show interface command on the subinterfaces doesn't show errors or discarded packets:

FIREWALL01/pri/act#    sh interface VLAN_USGLBVRM_SRVB detail 
Interface Port-channel5.1020 "VLAN_USGLBVRM_SRVB", is up, line protocol is up
  Hardware is EtherChannel/LACP, BW 2000 Mbps, DLY 10 usec
        VLAN identifier 1020
        Description: VLAN_USGLBVRM_SRVB
        MAC address 6073.5c69.0917, MTU 1500
        IP address 10.255.19.65, subnet mask 255.255.255.192
  Traffic Statistics for "VLAN_USGLBVRM_SRVB":
        42067433644 packets input, 45125599467459 bytes
        28153119062 packets output, 8866514693262 bytes
        32715765 packets dropped
  Control Point Interface States:
        Interface number is 21
        Interface config status is active
        Interface state is active
  Control Point Vlan1020 States:
        Interface vlan config status is active
        Interface vlan state is UP

FIREWALL01/pri/act#    sh interface VLAN_USGLBVRM_SRVF detail 
Interface Port-channel5.1019 "VLAN_USGLBVRM_SRVF", is up, line protocol is up
  Hardware is EtherChannel/LACP, BW 2000 Mbps, DLY 10 usec
        VLAN identifier 1019
        Description: VLAN_USGLBVRM_SRVF
        MAC address 6073.5c69.0917, MTU 1500
        IP address 10.255.19.1, subnet mask 255.255.255.192
  Traffic Statistics for "VLAN_USGLBVRM_SRVF":
        30475814698 packets input, 14615432248013 bytes
        27472348465 packets output, 20872697455933 bytes
        2941588838 packets dropped
  Control Point Interface States:
        Interface number is 20
        Interface config status is active
        Interface state is active
  Control Point Vlan1019 States:
        Interface vlan config status is active
        Interface vlan state is UP

FIREWALL01/pri/act#

Can anyone explain why so many input errors appear in the subinterfaces?

Thanks in advance!
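
Added example, not part of the original posts: a short Python script that joins the ifDescr and ifInDiscards rows from the snmpwalk output on ifIndex and compares each SNMP value with the "packets dropped" counter from 'show interface', using values copied from the outputs posted above. The function names are illustrative, and comparing modulo 2**32 is an assumption made because a Counter32 wraps at that value.

```python
import re

# Excerpts copied from the outputs posted in this thread (two subinterfaces).
SNMPWALK = """\
IF-MIB::ifDescr.20 = STRING: Adaptive Security Appliance 'VLAN_USGLBVRM_SRVF' interface
IF-MIB::ifDescr.21 = STRING: Adaptive Security Appliance 'VLAN_USGLBVRM_SRVB' interface
IF-MIB::ifInDiscards.20 = Counter32: 2941537222
IF-MIB::ifInDiscards.21 = Counter32: 32714719
"""
SHOW_INTERFACE = """\
  Traffic Statistics for "VLAN_USGLBVRM_SRVB":
        42067433644 packets input, 45125599467459 bytes
        32715765 packets dropped
  Traffic Statistics for "VLAN_USGLBVRM_SRVF":
        30475814698 packets input, 14615432248013 bytes
        2941588838 packets dropped
"""
SNMP_LINE = re.compile(r"IF-MIB::(ifDescr|ifInDiscards)\.(\d+) = \w+: (.*)")

def snmp_in_discards(walk):
    """Map nameif -> ifInDiscards by joining both columns on ifIndex."""
    names, discards = {}, {}
    for column, index, value in SNMP_LINE.findall(walk):
        if column == "ifDescr":
            names[index] = value.split("'")[1]  # nameif sits between the quotes
        else:
            discards[index] = int(value)
    return {names[i]: n for i, n in discards.items() if i in names}

def cli_counters(show):
    """Map nameif -> {'input': n, 'dropped': n} from 'show interface' text."""
    out, name = {}, None
    for line in show.splitlines():
        m = re.search(r'Traffic Statistics for "([^"]+)"', line)
        if m:
            name = m.group(1)
        m = re.match(r"\s+(\d+) packets (input|dropped)", line)
        if m and name:
            out.setdefault(name, {})[m.group(2)] = int(m.group(1))
    return out

def correlate(walk, show):
    """Per nameif: SNMP value, CLI drops, gap between them, drops as % of input."""
    snmp, cli = snmp_in_discards(walk), cli_counters(show)
    # Counter32 wraps at 2**32, so compare modulo 2**32 (assumption: same counter).
    return {n: {"snmp": snmp[n], "cli": cli[n]["dropped"],
                "gap": (cli[n]["dropped"] - snmp[n]) % 2**32,
                "drop_pct": round(100 * cli[n]["dropped"] / cli[n]["input"], 2)}
            for n in snmp if n in cli}
```

For the posted values, correlate(SNMPWALK, SHOW_INTERFACE) gives gaps of 1046 and 51616 packets between the SNMP and CLI readings, against counters of about 32.7 million and 2.94 billion.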

I'm running version 8.6(1)3 and see the same thing.
I only see dropped packets on the subinterface, not on the main interface.

sh int gi 0/2.903
823841 packets dropped

sh int gi 0/2
108374022 packets input, 25289192113 bytes, 0 no buffer
Received 429 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 pause input, 0 resume input
0 L2 decode drops

88998465 packets output, 9597384424 bytes, 0 underruns
0 pause output, 0 resume output
0 output errors, 0 collisions, 1 interface resets
0 late collisions, 0 deferred
0 input reset drops, 0 output reset drops