How to Track CRC Errors on Interfaces for Palo Alto Firewalls

It was really fun for Indeni to attend Ignite as a sponsor. I do apologize for those that were stuck in lines for the hands-on session.

Here’s a picture of the Indeni team attempting to take a photo, mid-laughter.

332008e5-8429-4e1f-a9bf-580f5a5cdca6-original.jpeg4032×3024 1.34 MB

Of the many things I encountered during my demo’s at the booth, a lot of people asked if we could track CRC errors on the interfaces. I was very confused by this because generally, you can use SNMP to dig into the RX/TX statistics. I did some digging and could only find the following approach: How to Check for CRC Errors on an Interface

As you can see, the approach requires that you run a command over CLI and on top of that, you have to convert the values from hex to decimal. Yikes

I wanted to prod a bit in the community and see what people’s opinions are on this. @Brad_Spilde?

Here is the other relevant link: https://live.paloaltonetworks.com/t5/Configuration-Articles/CLI-Command-to-Display-OID-quot-IF-MIB-iflnDiscards-quot/ta-p/52350

I checked with my PANW SE and he suggested the show global counter command but I don’t see CRC in the list and definitely isn’t a per interface counter like customers would be looking for.

I think the calculation option or via SNMP are the options.

Interesting, the OID does not seem to differentiate whether it was caused by CRC, oversized packets, or bad framing. Let’s assuming you encounter a cocktail of the issues. I would assume the counter value would be a summation of all?

Would there be value in having Indeni give you that level of detail in the system?