Home > Articles > Certification > Cisco Certification > CCNP

  • Print
  • + Share This
This chapter is from the book

Verifying Interface Operation

To verify that an ASA interface is operating correctly, you can use the following command:

keytopic.jpg
ciscoasa# show interface if_name

Here, you can specify either a hardware name, such as ethernet0/0, or an interface name, such as outside. The show interface command displays the current status, current speed and duplex mode, MAC address, IP address, and many statistics about the data being moved into and out of the interface. The command also lists traffic statistics, such as packets and bytes in the input and output directions, and traffic rates. The rates are shown as 1-minute and 5-minute averages. Example 3-14 shows a sample of the output.

Example 3-14. Sample Output from the show interface Command

ciscoasa# show interface ethernet0/0
Interface Ethernet0/0 "outside", is up, line protocol is up
  Hardware is i82546GB rev03, BW 1000 Mbps, DLY 10 usec
        Auto-Duplex(Full-duplex), Auto-Speed(100 Mbps)
        Input flow control is unsupported, output flow control is unsupported
        MAC address 001a.a22d.1ddc, MTU 1500
        IP address 192.168.254.2, subnet mask 255.255.255.0
        26722691 packets input, 27145573880 bytes, 0 no buffer
        Received 62291 broadcasts, 0 runts, 0 giants
        0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
        0 pause input, 0 resume input
        0 L2 decode drops
        19039166 packets output, 5820422387 bytes, 0 underruns
        0 output errors, 0 collisions, 0 interface resets
        0 late collisions, 0 deferred
        0 input reset drops, 0 output reset drops
        0 rate limit drops
        input queue (blocks free curr/low): hardware (255/253)
        output queue (blocks free curr/low): hardware (255/255)
  Traffic Statistics for "outside":
        26722691 packets input, 27145573880 bytes
        19039166 packets output, 5820422387 bytes
        49550 packets dropped
      1 minute input rate 16 pkts/sec, 16110 bytes/sec
      1 minute output rate 17 pkts/sec, 16240 bytes/sec
      1 minute drop rate, 0 pkts/sec
      5 minute input rate 12 pkts/sec, 13867 bytes/sec 
      5 minute output rate 15 pkts/sec, 15311 bytes/sec
      5 minute drop rate, 0 pkts/sec
ciscoasa#

You can verify the interface status in the second line of output. If the interface is shown as “up,” the interface has been enabled. If the line protocol is shown as “up,” there is an active link between the ASA interface and some other device.

To display a summary of all ASA interfaces and their IP addresses and current status, you can use the show interface ip brief command, as shown in Example 3-15.

Example 3-15. Sample Output from the show interface ip brief Command

ciscoasa# show interface ip brief
Interface                  IP-Address      OK? Method Status                Protocol
Ethernet0/0                192.168.254.2   YES manual up                    up
Ethernet0/1                10.0.0.1        YES manual up                    up
Ethernet0/2                unassigned      YES unset  administratively down down
Ethernet0/3                unassigned      YES unset  administratively down down
Internal-Data0/0           unassigned      YES unset  administratively down up
Management0/0              192.168.1.1     YES manual up                    up
GigabitEthernet1/0         unassigned      YES unset  administratively down down
GigabitEthernet1/1         unassigned      YES unset  administratively down down
GigabitEthernet1/2         unassigned      YES unset  administratively down down
GigabitEthernet1/3         unassigned      YES unset  administratively down down
Internal-Data1/0           unassigned      YES unset  up                    up
ciscoasa#

You can monitor the redundant interface status with the following command:

ciscoasa# show interface redundant number

Example 3-16 shows the output for interface redundant 1. Notice that physical interface Ethernet0/0 is currently the active interface, while Ethernet0/1 is not. The output also reveals the date and time of the last switchover.

Example 3-16. Verifying the Status of a Redundant Interface

ciscoasa# show interface redundant 1
Interface Redundant1 "inside", is up, line protocol is up
  Hardware is i82546GB rev03, BW 100 Mbps, DLY 1000 usec
        Auto-Duplex(Full-duplex), Auto-Speed(100 Mbps)
        MAC address 0016.c789.c8a5, MTU 1500


[output omitted for clarity] 

  Redundancy Information:
        Member Ethernet0/0(Active), Ethernet0/1
        Last switchover at 01:32:27 EDT Sep 24 2010
ciscoasa#
  • + Share This
  • 🔖 Save To Your Account