Cisco ASA/ASR
Last updated on 17 March, 2023When performing data collection on a Cisco ASA firewall using the MIB-2 interface counters (IF-MIB), the discarded packets counters (ifInDiscards/ifOutDiscards) behave differently for subinterfaces and physical interfaces:
- If you are using a subinterface as a routed interface, ifInDiscards/ifOutDiscards will increment for each packet that is dropped due to policy. You are likely to see discards on subinterfaces, though this does not necessarily indicate a problem.
- If you are using a physical interface as a routed interface, ifInDiscards/ifOutDiscards will not increment for each packet dropped due to policy. Discards on physical interfaces may be the result of buffer overflows or other packet handling decisions made by the ASA software.
This behavior has been confirmed on ASA software 7.2.
Notes:
- This behavior is technically valid. Discards counter is defined as “the number of packets which were chosen to be discarded – even though no errors had been detected – to prevent their being deliverable to a higher-layer protocol.”
- When monitoring clustered ASAs, you must add each individual ASA by its Local IP address. You cannot poll consolidated data for the cluster.
- Always use the Local address, and not the main cluster IP address for SNMP polling. If the SNMP agent polls the main cluster IP address, if a new master is elected, the poll to the new master unit will fail.