Verifying Interface Operation
To verify that an ASA interface is operating correctly, you can use the following command:
ciscoasa# show interface if_name
Here, you can specify either a hardware name, such as ethernet0/0, or an interface name, such as outside. The show interface command displays the current status, current speed and duplex mode, MAC address, IP address, and many statistics about the data being moved into and out of the interface. The command also lists traffic statistics, such as packets and bytes in the input and output directions, and traffic rates. The rates are shown as 1-minute and 5-minute averages. Example 3-14 shows a sample of the output.
Example 3-14. Sample Output from the show interface Command
ciscoasa# show interface ethernet0/0 Interface Ethernet0/0 "outside", is up, line protocol is up Hardware is i82546GB rev03, BW 1000 Mbps, DLY 10 usec Auto-Duplex(Full-duplex), Auto-Speed(100 Mbps) Input flow control is unsupported, output flow control is unsupported MAC address 001a.a22d.1ddc, MTU 1500 IP address 192.168.254.2, subnet mask 255.255.255.0 26722691 packets input, 27145573880 bytes, 0 no buffer Received 62291 broadcasts, 0 runts, 0 giants 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort 0 pause input, 0 resume input 0 L2 decode drops 19039166 packets output, 5820422387 bytes, 0 underruns 0 output errors, 0 collisions, 0 interface resets 0 late collisions, 0 deferred 0 input reset drops, 0 output reset drops 0 rate limit drops input queue (blocks free curr/low): hardware (255/253) output queue (blocks free curr/low): hardware (255/255) Traffic Statistics for "outside": 26722691 packets input, 27145573880 bytes 19039166 packets output, 5820422387 bytes 49550 packets dropped 1 minute input rate 16 pkts/sec, 16110 bytes/sec 1 minute output rate 17 pkts/sec, 16240 bytes/sec 1 minute drop rate, 0 pkts/sec 5 minute input rate 12 pkts/sec, 13867 bytes/sec 5 minute output rate 15 pkts/sec, 15311 bytes/sec 5 minute drop rate, 0 pkts/sec ciscoasa#
You can verify the interface status in the second line of output. If the interface is shown as “up,” the interface has been enabled. If the line protocol is shown as “up,” there is an active link between the ASA interface and some other device.
To display a summary of all ASA interfaces and their IP addresses and current status, you can use the show interface ip brief command, as shown in Example 3-15.
Example 3-15. Sample Output from the show interface ip brief Command
ciscoasa# show interface ip brief Interface IP-Address OK? Method Status Protocol Ethernet0/0 192.168.254.2 YES manual up up Ethernet0/1 10.0.0.1 YES manual up up Ethernet0/2 unassigned YES unset administratively down down Ethernet0/3 unassigned YES unset administratively down down Internal-Data0/0 unassigned YES unset administratively down up Management0/0 192.168.1.1 YES manual up up GigabitEthernet1/0 unassigned YES unset administratively down down GigabitEthernet1/1 unassigned YES unset administratively down down GigabitEthernet1/2 unassigned YES unset administratively down down GigabitEthernet1/3 unassigned YES unset administratively down down Internal-Data1/0 unassigned YES unset up up ciscoasa#
You can monitor the redundant interface status with the following command:
ciscoasa# show interface redundant number
Example 3-16 shows the output for interface redundant 1. Notice that physical interface Ethernet0/0 is currently the active interface, while Ethernet0/1 is not. The output also reveals the date and time of the last switchover.
Example 3-16. Verifying the Status of a Redundant Interface
ciscoasa# show interface redundant 1 Interface Redundant1 "inside", is up, line protocol is up Hardware is i82546GB rev03, BW 100 Mbps, DLY 1000 usec Auto-Duplex(Full-duplex), Auto-Speed(100 Mbps) MAC address 0016.c789.c8a5, MTU 1500 [output omitted for clarity]
Member Ethernet0/0(Active), Ethernet0/1
Last switchover at 01:32:27 EDT Sep 24 2010ciscoasa#