sh run command output stuck in asa 5540

We have an ASA 5540 failover bundle working in Active/Standby mode. On our active ASA 5540, when the sh run command is issued, it gets stuck and displays the output after more than 15-20 mins, and it takes another 10-15 mins to get back to the prompt.

However, on the standby ASA 5540, if the sh run command is issued, it displays the output and comes back to the prompt (even though this also takes 2-3 seconds).

I have tried rebooting the active ASA 5540, but still the same issue. What could be the problem? Any inputs, please.

We are running ASA version 8.2.2.

Regards

Vijay.

Re: sh run command output stuck in asa 5540

Hi,

There will be 2 reasons: one is that your running configuration might be too big and it is taking time to display, and the other is that CPU/memory utilization might be high.

Because CPU/memory will always be high on the active firewall, it is taking too much time to display.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a008009491c.shtml

For more information on troubleshooting the ASA, just have a look at this URL.

regards

karuppu

Re: sh run command output stuck in asa 5540

Right now it is the same behaviour on the standby ASA too, and this was a working setup. It was working fine all these days and this problem started only yesterday.

The CPU utilization is 95% on both ASAs and I see the CPU utilization of the SNMP notify thread is 60%. Should this be an issue?

Memory utilization is 30% on both ASAs.

Any inputs, please.

Re: sh run command output stuck in asa 5540

Hi,

Have you configured any SNMP tool to monitor the ASA recently? Due to this SNMP poll, the CPU utilization is too high.

What is the network monitoring tool you have configured to monitor this ASA? For the time being you can disable the SNMP feature and test the firewall status.

regards

karuppu

Re: sh run command output stuck in asa 5540

Hi Karuppu,

Yes, we are using SNMP tools for monitoring: we have CiscoWorks LMS, Cisco Security Manager, Cisco MARS. But this has been working all these days; the problem started only yesterday.

Now, after I lowered the SNMP syslog trap level to warnings (earlier it was at the debugging level), the CPU utilization has come down drastically. But do you have any idea whether it (the SNMP syslog trap) will have any impact on my network/security monitoring?

Regards

Vijay.

Re: sh run command output stuck in asa 5540 (accepted solution)

Hi,

No, I don't think it will impact our network/security monitoring, and in my past and current experience in enterprise networks we used to configure the syslog trap at warning level.

We used to monitor resource utilization and any normal/abnormal connection status or attacks. To monitor these, the syslog warning level is more than enough.

Hope it helps you

regards

Karuppu

sh run command output stuck in asa 5540

Hi Vijay,

How did you lower the SNMP syslog trap level to warning?

Please help me with the config changes done.

Thanks,

Titto Job

sh run command output stuck in asa 5540

Hi Titto,

In order to lower the SNMP syslog trap level to warning, issue the below command.

logging history warnings

You may also look at the below commands, if you are also hitting the same issue of CPU utilization.

logging trap informational -- Use this if you have enabled syslog traps to your syslog server

logging asdm informational -- Use this if you are using ASDM

Hope this helps.

Regards

Vijay.
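
The effect of the logging commands above on monitoring coverage, as an added example that is not part of the original posts: it reads the per-destination levels from a config snippet and shows which syslog messages still reach the SNMP trap receiver, the syslog server and ASDM. The BEFORE/AFTER configs and the sample messages are constructed for illustration and abbreviated, not taken from the poster's firewalls.

```python
import re

# ASA syslog severity keywords; list index = numeric level (0 is most severe).
LEVELS = ["emergencies", "alerts", "critical", "errors",
          "warnings", "notifications", "informational", "debugging"]
# Logging destinations named in the thread and what consumes each one.
DESTS = {"history": "SNMP traps", "trap": "syslog server", "asdm": "ASDM"}

# Constructed sample config and messages (assumptions, not device output).
BEFORE = ("logging history debugging\n"
          "logging trap informational\n"
          "logging asdm informational\n")
AFTER = BEFORE.replace("history debugging", "history warnings")
SAMPLE = [
    "%ASA-4-106023: Deny tcp src outside:198.51.100.7/4431 dst inside:10.0.0.5/22",
    "%ASA-5-111008: User 'admin' executed the 'logging history warnings' command.",
    "%ASA-6-302013: Built inbound TCP connection 1001 for outside:198.51.100.7/4431",
    "%ASA-7-710005: UDP request discarded from 10.0.0.9/137 to inside:10.0.0.255/137",
]

def parse_logging_levels(config):
    """Return {destination: numeric level} from 'logging <dest> <level>' lines."""
    levels = {}
    for line in config.splitlines():
        m = re.match(r"\s*logging\s+(history|trap|asdm)\s+(\S+)", line)
        if not m:
            continue
        dest, lvl = m.groups()
        if lvl.isdigit():
            levels[dest] = int(lvl)
        elif lvl in LEVELS:            # anything else (e.g. a list name) is skipped
            levels[dest] = LEVELS.index(lvl)
    return levels

def delivered(config, messages):
    """Map each configured destination to the message IDs it would receive."""
    levels = parse_logging_levels(config)
    out = {dest: [] for dest in levels}
    for msg in messages:
        m = re.search(r"%ASA-(\d)-(\d{6})", msg)
        if not m:
            continue
        sev, msg_id = int(m.group(1)), m.group(2)
        for dest, limit in levels.items():
            if sev <= limit:           # a message is sent if it is at least as severe
                out[dest].append(msg_id)
    return out

if __name__ == "__main__":
    for name, cfg in (("before", BEFORE), ("after", AFTER)):
        for dest, ids in delivered(cfg, SAMPLE).items():
            print(f"{name:6} {DESTS[dest]:13} {len(ids)} msgs: {', '.join(ids)}")
```

With these inputs, only the trap receiver's view changes: severity 5 to 7 messages stop arriving as SNMP traps, while the syslog server and ASDM still receive everything up to informational.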

sh run command output stuck in asa 5540

Yes Vijay. My firewall is showing high CPU utilization. Around 40% utilization is because of SNMP Notify Thread.

My syslog is configured for informational already as below.

logging trap informational

logging asdm informational

Is there anything else I need to do to reduce CPU utilization?
