Hello Lemmar,
we appreciate your inquiry.
Since you already have a dedicated support ticket open, I ask that we use the ticket for communication regarding your case.
As for the reported issue, we've seen a few customers reporting the exact same behavior with the new Cisco ASA 5506-X model. The 64-bit counters which we query for high-speed (64-bit) traffic sensors were completely "off the charts". We recommend contacting Cisco's support as we can't explain the unusual counter results.
These are the standard 64-bit counters that we use:
1.3.6.1.2.1.31.1.1.1.6.index |
1.3.6.1.2.1.31.1.1.1.10.index |
One of our customers reported improved results by configuring the SNMP Compatibility Options of the device and setting the 32-bit/64-bit Counters option to Use 32-bit counters only.
The sensors need to be added anew after configuring this option, this way the interface scan will always use 32-bit traffic counters, even if 64-bit counters are available, kindly note that on higher speeds this may lead to overflows(spikes), but it can be used as a workaround to check if the 32-bit counters provide better results.
The 32-bit Sensor will query the following OID's instead:
1.3.6.1.2.1.2.2.1.10.index |
1.3.6.1.2.1.2.2.1.16.index |
The type of created SNMP sensor can be distinguished by it's name within the sensor overview. It will either be an SNMP Traffic 32bit Sensor or SNMP Traffic 64bit Sensor.
Note: We strongly recommend sticking with SNMP V2c or superior and 64-bit counters whenever possible, the 32-bit counters should only be used when no other option is available or for compatibility/troubleshooting.
Update 16/01/2017
Cisco has acknowledged this issue, as we've been informed:
Current bug Status on Cisco's website is:
Known Affected Releases |
9.3(3) |
9.5(0.102) |
Known Fixed Releases |
No release planned to fix this bug |
Best Regards,
Luciano Lingnau [Paessler Support]
Add comment