Network port(s) down-cisco-asa
Vendor: cisco
OS: asa
Description:
Indeni will trigger an issue if one or more network ports is down.
Remediation Steps:
Review the cause for the ports being down.
|||
|1. Check the physical media to ensure that there are no damaged parts.
|2. Verify that the SFP (small form-factor pluggable) devices in use are those authorized by Cisco and that they are not faulty by executing the “show interface transceiver” NX-OS command.
|3. Verify that you have enabled the port by using the “no shutdown” NX-OS command.
|4. Use the “show interface” command to verify the state of the interface. Besides, you can use the “show interface counters” command to check port counters.
|5. Check if the port is configured in dedicated mode.
|6. Execute the following NX-OS commands to gather more information about ports:
| a. “show interface status”
| b. “show interface capabilities”
| c. “show udld”
| d. “show tech-support udld”
|
|7. For more information review: Nexus Troubleshooting Guide
How does this work?
This script retrieves the interface state by polling ifTable via SNMP.
Why is this important?
Interfaces that should be UP and are DOWN can reduce the resiliance of the systems and cause service disruption.
Without Indeni how would you find this?
It is possible to poll this data through SNMP.
cisco-asa-interfaces
name: cisco-asa-interfaces
description: Fetch interface metrics for ASA device
type: monitoring
monitoring_interval: 1 minute
requires:
vendor: cisco
os.name: asa
snmp: true
comments:
network-interface-mtu:
why: |
The Maximum Transmission Unit (MTU) is the maximum frame size that can be sent between two hosts without fragmentation.
how: |
This script retrieves the interface MTU Setting by polling ifTable via SNMP.
can-with-snmp: true
can-with-syslog: false
network-interface-speed:
why: |
If the interface speed is set to a low value, this could mean auto-negotiation is not working correctly and the interface does not utilize the full bandwidth available.
how: |
This script retrieves the interface speed by polling ifTable via SNMP.
can-with-snmp: true
can-with-syslog: false
network-interface-mac:
why: |
A media access control address (MAC address) is a unique identifier assigned to a network interface.
how: |
This script retrieves the interface MAC Address by polling ifTable via SNMP.
can-with-snmp: true
can-with-syslog: false
network-interface-admin-state:
why: |
If an interface is disabled and it is a member of a Port Channel, then the link might be running at reduced capacity.
how: |
This script retrieves the interface administrative state by polling ifTable via SNMP.
can-with-snmp: true
can-with-syslog: false
network-interface-state:
why: |
Interfaces that should be UP and are DOWN can reduce the resiliance of the systems and cause service disruption.
how: |
This script retrieves the interface state by polling ifTable via SNMP.
can-with-snmp: true
can-with-syslog: false
network-interface-rx-bits:
why: |
Capture the interface Received bits counter. Knowing the amount of bits and packets flowing through an interface can help estimate an interface's performance and utilization.
how: |
This script retrieves the interface statistics by polling ifTable via SNMP.
can-with-snmp: true
can-with-syslog: false
network-interface-rx-packets:
why: |
Capture the interface Received Packets counter. Knowing the amount of bits and packets flowing through an interface can help estimate an interface's performance and utilization.
how: |
This script retrieves the interface statistics by polling ifTable via SNMP.
can-with-snmp: true
can-with-syslog: false
network-interface-rx-dropped:
why: |
Capture the interface Receive Drop counter. Packet loss may have severe impact to the traffic utilization (retransmission for TCP apps) and to the performance of the applications
how: |
This script retrieves the interface statistics by polling ifTable via SNMP.
can-with-snmp: true
can-with-syslog: false
network-interface-rx-errors:
why: |
Capture the interface Receive Errors counter. Receive errors coould indicate an issue with duplex/speed matching.
how: |
This script retrieves the interface statistics by polling ifTable via SNMP.
can-with-snmp: true
can-with-syslog: false
network-interface-tx-bits:
why: |
Capture the interface Transmit bits counter. Knowing the amount of bits and packets flowing through an interface can help estimate an interface's performance and utilization.
how: |
This script retrieves the interface statistics by polling ifTable via SNMP.
can-with-snmp: true
can-with-syslog: false
network-interface-tx-packets:
why: |
Capture the interface Transmit Packets counter. Knowing the amount of bits and packets flowing through an interface can help estimate an interface's performance and utilization.
how: |
This script retrieves the interface statistics by polling ifTable via SNMP.
can-with-snmp: true
can-with-syslog: false
network-interface-tx-dropped:
why: |
Capture the interface Transmit Drop counter. Packet loss may have severe impact to the traffic utilization (retransmission for TCP apps) and to the performance of the applications
how: |
This script retrieves the interface statistics by polling ifTable via SNMP.
can-with-snmp: true
can-with-syslog: false
network-interface-tx-errors:
why: |
Capture the interface Transmit Errors counter. Transmit errors coould indicate an issue with duplex/speed matching.
how: |
This script retrieves the interface statistics by polling ifTable via SNMP.
can-with-snmp: true
can-with-syslog: false
steps:
- run:
type: SNMP
command: GETTABLE 1.3.6.1.2.1.2.2
parse:
type: AWK
file: asa-interfaces.parser.1.awk
cisco-asa-interfaces
name: cisco-asa-interfaces
description: Fetch interface metrics for ASA device
type: monitoring
monitoring_interval: 1 minute
requires:
vendor: cisco
os.name: asa
snmp: true
comments:
network-interface-mtu:
why: |
The Maximum Transmission Unit (MTU) is the maximum frame size that can be sent between two hosts without fragmentation.
how: |
This script retrieves the interface MTU Setting by polling ifTable via SNMP.
can-with-snmp: true
can-with-syslog: false
network-interface-speed:
why: |
If the interface speed is set to a low value, this could mean auto-negotiation is not working correctly and the interface does not utilize the full bandwidth available.
how: |
This script retrieves the interface speed by polling ifTable via SNMP.
can-with-snmp: true
can-with-syslog: false
network-interface-mac:
why: |
A media access control address (MAC address) is a unique identifier assigned to a network interface.
how: |
This script retrieves the interface MAC Address by polling ifTable via SNMP.
can-with-snmp: true
can-with-syslog: false
network-interface-admin-state:
why: |
If an interface is disabled and it is a member of a Port Channel, then the link might be running at reduced capacity.
how: |
This script retrieves the interface administrative state by polling ifTable via SNMP.
can-with-snmp: true
can-with-syslog: false
network-interface-state:
why: |
Interfaces that should be UP and are DOWN can reduce the resiliance of the systems and cause service disruption.
how: |
This script retrieves the interface state by polling ifTable via SNMP.
can-with-snmp: true
can-with-syslog: false
network-interface-rx-bits:
why: |
Capture the interface Received bits counter. Knowing the amount of bits and packets flowing through an interface can help estimate an interface's performance and utilization.
how: |
This script retrieves the interface statistics by polling ifTable via SNMP.
can-with-snmp: true
can-with-syslog: false
network-interface-rx-packets:
why: |
Capture the interface Received Packets counter. Knowing the amount of bits and packets flowing through an interface can help estimate an interface's performance and utilization.
how: |
This script retrieves the interface statistics by polling ifTable via SNMP.
can-with-snmp: true
can-with-syslog: false
network-interface-rx-dropped:
why: |
Capture the interface Receive Drop counter. Packet loss may have severe impact to the traffic utilization (retransmission for TCP apps) and to the performance of the applications
how: |
This script retrieves the interface statistics by polling ifTable via SNMP.
can-with-snmp: true
can-with-syslog: false
network-interface-rx-errors:
why: |
Capture the interface Receive Errors counter. Receive errors coould indicate an issue with duplex/speed matching.
how: |
This script retrieves the interface statistics by polling ifTable via SNMP.
can-with-snmp: true
can-with-syslog: false
network-interface-tx-bits:
why: |
Capture the interface Transmit bits counter. Knowing the amount of bits and packets flowing through an interface can help estimate an interface's performance and utilization.
how: |
This script retrieves the interface statistics by polling ifTable via SNMP.
can-with-snmp: true
can-with-syslog: false
network-interface-tx-packets:
why: |
Capture the interface Transmit Packets counter. Knowing the amount of bits and packets flowing through an interface can help estimate an interface's performance and utilization.
how: |
This script retrieves the interface statistics by polling ifTable via SNMP.
can-with-snmp: true
can-with-syslog: false
network-interface-tx-dropped:
why: |
Capture the interface Transmit Drop counter. Packet loss may have severe impact to the traffic utilization (retransmission for TCP apps) and to the performance of the applications
how: |
This script retrieves the interface statistics by polling ifTable via SNMP.
can-with-snmp: true
can-with-syslog: false
network-interface-tx-errors:
why: |
Capture the interface Transmit Errors counter. Transmit errors coould indicate an issue with duplex/speed matching.
how: |
This script retrieves the interface statistics by polling ifTable via SNMP.
can-with-snmp: true
can-with-syslog: false
steps:
- run:
type: SNMP
command: GETTABLE 1.3.6.1.2.1.2.2
parse:
type: AWK
file: asa-interfaces.parser.1.awk
cross_vendor_network_port_down
package com.indeni.server.rules.library.core
import com.indeni.ruleengine.expressions.conditions.{And, Equals}
import com.indeni.ruleengine.expressions.core.{StatusTreeExpression, _}
import com.indeni.ruleengine.expressions.data.{SelectTagsExpression, SelectTimeSeriesExpression, TimeSeriesExpression}
import com.indeni.server.common.data.conditions.True
import com.indeni.server.rules._
import com.indeni.server.rules.library.{ConditionalRemediationSteps, PerDeviceRule, RuleHelper}
import com.indeni.server.sensor.models.managementprocess.alerts.dto.AlertSeverity
case class PortIsDownRule() extends PerDeviceRule with RuleHelper {
override val metadata: RuleMetadata = RuleMetadata.builder("cross_vendor_network_port_down", "Network port(s) down",
"Indeni will trigger an issue if one or more network ports is down.", AlertSeverity.CRITICAL, categories = Set(RuleCategory.HealthChecks), deviceCategory = DeviceCategory.AllDevices).build()
override def expressionTree(context: RuleContext): StatusTreeExpression = {
val actualValue = TimeSeriesExpression[Double]("network-interface-state").last
val adminValue = TimeSeriesExpression[Double]("network-interface-admin-state").last
StatusTreeExpression(
// Which objects to pull (normally, devices)
SelectTagsExpression(context.metaDao, Set(DeviceKey), True),
// What constitutes an issue
And(StatusTreeExpression(
// The additional tags we care about (we'll be including this in alert data)
SelectTagsExpression(context.tsDao, Set("name"), withTagsCondition("network-interface-state")),
And(
StatusTreeExpression(
SelectTimeSeriesExpression[Double](context.tsDao, Set("network-interface-state"), denseOnly = false),
Equals(ConstantExpression[Option[Double]](Some(0)), actualValue)
).withoutInfo().asCondition(),
StatusTreeExpression(
SelectTimeSeriesExpression[Double](context.tsDao, Set("network-interface-admin-state"), denseOnly = false),
adminValue.isNot(0.0)
).withoutInfo().asCondition().orElse(Some(true))
)
).withSecondaryInfo(
scopableStringFormatExpression("${scope(\"name\")}"),
EMPTY_STRING,
title = "Ports Affected"
).asCondition(), generateDevicePassiveAndPassiveLinkStateCondition(context.tsDao))
).withRootInfo(
getHeadline(),
ConstantExpression("One or more ports are down."),
ConditionalRemediationSteps("Review the cause for the ports being down.",
RemediationStepCondition.VENDOR_JUNIPER ->
"""|
|1. On the device command line interface run "show interfaces extensive" command to check the status of the interface.
|2. Execute "show configuration interface" command to check interface configuration.
|3. Check the encapsulation type and physical media on the port.
|4. Check the port specification and the fiber cable.
|5. Review the following article on Juniper TechLibrary for more information: <a target="_blank" href="https://www.juniper.net/documentation/en_US/junos/topics/reference/command-summary/show-interfaces-security.html#jd0e1772">Operational Commands: show interfaces (SRX Series)</a>.""".stripMargin,
RemediationStepCondition.VENDOR_FORTINET ->
"""|
|1. Monitor hardware network operations (e.g. speed, duplex settings) by using the "diag hardware deviceinfo nic <interface>" FortiOS command.
|2. Run the command "diag hardware deviceinfo nic <interface>" command to display a list of hardware related names and values. Review the next link for more details: http://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-toubleshooting-54/troubleshooting_tools.htm
|3. Run the hidden FortiOS command "fnsysctl cat /proc/net/dev" to get a summary of the interface statistics.
|4. Check for a mismatch in the speed and duplex interface settings on two sides of a cable, or for a damaged cable / SFP. Try to manually configure both sides to the same speed/duplex mode when you can. For more information, review "Symptoms of Ethernet speed/duplex mismatches" at http://kb.fortinet.com/kb/documentLink.do?externalID=10653
|5. Review the log history for interfaces status changes.
|6. Review the interface configuration. For more information, use the following interface configuration guide: http://help.fortinet.com/fos50hlp/52data/Content/FortiOS/fortigate-system-administration-52/Interfaces/interfaces.htm""".stripMargin
)
)
}
}