- Apps and Add-ons
- :
- All Apps and Add-ons
- :
- Cisco IOS: How to configure app to collect and vie...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Cisco IOS: How to configure app to collect and view interface duplex mismatch error data?
Hi,
I'm trying to setup this app. Currently we do not see any data in them and I believe this is due to logs not being in a certain format or some feature in the app needs tweaking.
Would anyone have a step by step guide on how to get this app to show data. Most importantly we want to see Interface duplex mismatch errors.
Thank you.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Do you get results searching for:
eventtype=cisco_ios-duplex_mismatch
I am not sure if all Cisco devices log duplex mismatch events. I know the old Cisco 800 series do. What devices are you using?
You need CDP enabled on both devices to get the duplex mismatch event. So this is only generated for instance between switches and between a switch and a phone.
Some more info can be found here: http://www.eventenrichment.com/event-enrichment-cisco-switch-duplexmismatch/
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thinking out loud here, is there a way to detect access interfaces producing errors through your app? I believe this will be an easier indication to show there might be a duplex mismatch?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Have a look at the following Cisco document as well. It shows a list of events that may occur due to a duplex mismatch: http://www.cisco.com/c/en/us/support/docs/interfaces-modules/port-adapters/12768-eth-collisions.html
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks Mikael appreciate the help. But looks like we won't get to do exactly what we want for this task apart from a manual check since CDP is required for either side to accurately detect duplex mismatches. I'm trying to work out if there's some app which will give the info through LLDP which is a standard Layer 2 protocol
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Not as far as I know. Some devices may log events with mnemonic=LATECOLL which COULD be an indication of duplex mismatch, but it is in no way a guarantee. There might be other events generated with indications of a duplex mismatch, but I don't have that information at hand and none of those events provide you with any guarantee of a duplex mismatch. I'm not even sure if it can be detected 100% without manually checking both devices.
If you have another tool that uses SNMP polling you can look at drops, collisions etc for each interface to get an idea of whether there is a mismatch or not.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
first you will need to make sure that you actually log events with a certain severity. Link up/down events have the format LINK-3-UPDOWN or LINEPROTO-5-UPDOWN, i.e.
00:00:47: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to up 00:00:48: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to down
Make sure your Cisco IOS devices have at least the following config:
logging trap informational
logging host YOUR.SYSLOG.SERVER.IP
logging event trunk-status global
logging event link-status global
!
interface ra Gi1/0/1 - 52
logging event trunk-status
logging event spanning-tree
logging event status
!
This ensures that all link up/down events are logged. Not all of these commands may work for your device however, but they should be enough to get link up/down events logged.
If this didn't help please try to search for the following:
eventtype="cisco_ios-port_down" OR eventtype="cisco_ios-port_up"
Do you get any results? If so, please post them here so that I can see if everything was matched correctly.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Oh of course. I was multitasking while writing this post so please excuse my braindeadness 🙂
Please see my answer below.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks Mikael, appreciate the help thus far.
eventtype=cisco_ios-duplex_mismatch doesn't generate any results for me. So I'm guessing I need to enable something on Splunk? or Switch? or both.
We currrently log notifications, link status and on trunk status. Is this not enough?
We have a range of devices in our environment from 3560, 3750, 4500 series, 4900 etc and Nexus 5400.
Is there any possibility to detect duplex mismatches between switch and end device? This is what we really want to detect. Thank you
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thank you Mikael,
What I'm actually more interested to know is data on duplex mismatching. Any idea what I should set in this instance? thank you again.
Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!
They're back! Join the SplunkTrust and MVP at .conf24
Enterprise Security Content Update (ESCU) | New Releases
