Post on 19-May-2018
FXOS CLI Troubleshooting Commands
• FXOS CLI Chassis Mode Troubleshooting Commands, on page 1• FXOS CLI Eth-Uplink Mode Troubleshooting Commands, on page 5• FXOS CLI Fabric Interconnect Mode Troubleshooting Commands, on page 8• FXOS CLI Security Services Mode Troubleshooting Commands, on page 11
FXOS CLI Chassis Mode Troubleshooting CommandsUse the following chassis mode FXOS CLI commands to troubleshoot issues with your Firepower 2100system.
show environmentDisplays environment information for the chassis.For example:
FPR2100 /chassis # show environment expand detailChassis 1:Overall Status: Power Problem
Operability: OperablePower State: OkThermal Status: Ok
PSU 1:Overall Status: Powered OffOperability: UnknownPower State: OffVoltage Status: Unknown
PSU 2:Overall Status: OperableOperability: OperablePower State: OnVoltage Status: Ok
Tray 1 Module 1:Overall Status: OperableOperability: OperablePower State: On
Fan 1:Overall Status: OperableOperability: OperablePower State: On
Fan 2:Overall Status: OperableOperability: OperablePower State: On
Fan 3:
FXOS CLI Troubleshooting Commands1
Overall Status: OperableOperability: OperablePower State: On
Fan 4:Overall Status: OperableOperability: OperablePower State: On
Server 1:Overall Status: Ok
Memory Array 1:Current Capacity (MB): 32768Populated: 2DIMMs:ID Overall Status Capacity (MB)--- ------------------------ -------------1 Operable 163842 Operable 16384
CPU 1:Presence: EquippedCores: 8Product Name: Intel(R) Xeon(R) CPU D-1548 @ 2.00GHzVendor: GenuineIntelThermal Status: OKOverall Status: OperableOperability: Operable
scope fanEnters the fan mode on Firepower 2110 and 2120 devices.
scope fan-moduleEnters the fan mode on Firepower 2130 and 2140 devices. From this mode, you can display detailedinformation about the chassis fan.For example:
FPR2100 /chassis # show fan-module expand detailFan Module:
Tray: 1Module: 1Overall Status: OperableOperability: OperablePower State: OnPresence: EquippedProduct Name: Cisco Firepower 2000 Series Fan TrayPID: FPR2K-FANVendor: Cisco Systems, IncFan:
ID: 1Overall Status: OperableOperability: OperablePower State: OnPresence: EquippedID: 2Overall Status: OperableOperability: OperablePower State: OnPresence: Equipped
show inventoryDisplays inventory information such as the chassis number, vendor, and serial number.Note: This command only applies to Firepower 2130 and 3140 devices.For example:
FPR2100 /chassis # show inventoryChassis PID Vendor Serial (SN) HW Revision
FXOS CLI Troubleshooting Commands2
FXOS CLI Troubleshooting CommandsFXOS CLI Chassis Mode Troubleshooting Commands
---------- --------------- ----------------- ----------- -----------1 FPR-2140 Cisco Systems, In JAD201005FC 0.1
show inventory expandDisplays detailed inventory information about FRUable components such as the chassis, PSU, andnetwork modules.For example:
FPR2100 /chassis # show inventory expand detailChassis 1:
Product Name: Cisco Firepower 2000 AppliancePID: FPR-2130VID: V01Vendor: Cisco Systems, IncModel: FPR-2130Serial (SN): JAD2012091XHW Revision: 0.1PSU 1:
Presence: EquippedProduct Name: Cisco Firepower 2000 Series AC 400W Power SupplyPID: FPR2K-PWR-AC-400VID: V01Vendor: Cisco Systems, IncSerial (SN): LIT2010CAFEHW Revision: 0
PSU 2:Presence: EquippedProduct Name: Cisco Firepower 2000 Series AC 400W Power SupplyPID: FPR2K-PWR-AC-400VID: V01Vendor: Cisco Systems, IncSerial (SN): LIT2010CAFEHW Revision: 0
Fan Modules:Tray 1 Module 1:
Presence: EquippedProduct Name: Cisco Firepower 2000 Series Fan TrayPID: FPR2K-FANVendor: Cisco Systems, Inc
Fans:ID Presence-- --------1 Equipped2 Equipped3 Equipped4 Equipped
Fabric Card 1:Description: Cisco SSP FPR 2130 Base ModuleNumber of Ports: 16State: OnlineVendor: Cisco Systems, Inc.Model: FPR-2130HW Revision: 0Serial (SN): JAD2012091XPerf: N/AOperability: OperableOverall Status: OperablePower State: OnlinePresence: EquippedThermal Status: N/AVoltage Status: N/A
Fabric Card 2:Description: 8-port 10 Gigabit Ethernet Expansion ModuleNumber of Ports: 8
FXOS CLI Troubleshooting Commands3
FXOS CLI Troubleshooting CommandsFXOS CLI Chassis Mode Troubleshooting Commands
State: OnlineVendor: Cisco Systems, Inc.Model: FPR-NM-8X10GHW Revision: 0Serial (SN): JAD19510AKDPerf: N/AOperability: OperableOverall Status: OperablePower State: OnlinePresence: EquippedThermal Status: N/AVoltage Status: N/A
scope psuEnters the power supply unit mode. From this mode, you can view detailed information about the powersupply unit.For example:
FPR2100 /chassis # show psu expand detailPSU:
PSU: 1Overall Status: Powered OffOperability: UnknownPower State: OffPresence: EquippedVoltage Status: UnknownProduct Name: Cisco Firepower 2000 Series AC 400W Power SupplyPID: FPR2K-PWR-AC-400VID: V01Vendor: Cisco Systems, IncSerial (SN): LIT2010CAFEType: ACFan Status: OkPSU: 2Overall Status: OperableOperability: OperablePower State: OnPresence: EquippedVoltage Status: OkProduct Name: Cisco Firepower 2000 Series AC 400W Power SupplyPID: FPR2K-PWR-AC-400VID: V01Vendor: Cisco Systems, IncSerial (SN): LIT2010CAFEType: ACFan Status: Ok
scope statsEnters the stats mode. From this mode, you can view detailed information about the chassis statatistics.For example:
FPR2100 /chassis # show statsChassis Stats:
Time Collected: 2016-11-14T21:19:46.317Monitored Object: sys/chassis-1/statsSuspect: NoOutlet Temp1 (C): 43.000000Outlet Temp2 (C): 41.000000Inlet Temp (C): 30.000000Internal Temp (C): 34.000000Thresholded: 0
Fan Stats:Time Collected: 2016-11-14T21:19:46.317Monitored Object: sys/chassis-1/fan-module-1-1/fan-1/stats
FXOS CLI Troubleshooting Commands4
FXOS CLI Troubleshooting CommandsFXOS CLI Chassis Mode Troubleshooting Commands
Suspect: NoSpeed (RPM): 17280Thresholded: 0Time Collected: 2016-11-14T21:19:46.317Monitored Object: sys/chassis-1/fan-module-1-1/fan-2/statsSuspect: NoSpeed (RPM): 17340Thresholded: 0Time Collected: 2016-11-14T21:19:46.317Monitored Object: sys/chassis-1/fan-module-1-1/fan-3/statsSuspect: NoSpeed (RPM): 17280Thresholded: 0Time Collected: 2016-11-14T21:19:46.317Monitored Object: sys/chassis-1/fan-module-1-1/fan-4/statsSuspect: NoSpeed (RPM): 17280Thresholded: 0
Psu Stats:Time Collected: 2016-11-14T21:19:46.318Monitored Object: sys/chassis-1/psu-1/statsSuspect: NoInput Current (A): 0.000000Input Power (W): 8.000000Input Voltage (V): 0.000000Psu Temp1 (C): 32.000000Psu Temp2 (C): 36.000000Psu Temp3 (C): 32.000000Fan Speed (RPM): 0Thresholded: 0Time Collected: 2016-11-14T21:19:46.318Monitored Object: sys/chassis-1/psu-2/statsSuspect: NoInput Current (A): 0.374000Input Power (W): 112.000000Input Voltage (V): 238.503006Psu Temp1 (C): 36.000000Psu Temp2 (C): 47.000000Psu Temp3 (C): 47.000000Fan Speed (RPM): 2240Thresholded: 0
CPU Env Stats:Time Collected: 2016-11-14T21:19:46.317Monitored Object: sys/chassis-1/blade-1/board/cpu-1/env-statsSuspect: NoTemperature (C): 46.000000Thresholded: 0Time Collected: 2016-11-14T21:19:46.317Monitored Object: sys/chassis-1/blade-1/npu/cpu-1/env-statsSuspect: NoTemperature (C): 38.000000Thresholded: 0
FXOS CLI Eth-Uplink Mode Troubleshooting CommandsUse the following eth-uplink mode FXOS CLI commands to troubleshoot issues with your Firepower 2100system.
show detailDisplays detailed information about your Firepower 2100 device's Ethernet uplink.
FXOS CLI Troubleshooting Commands5
FXOS CLI Troubleshooting CommandsFXOS CLI Eth-Uplink Mode Troubleshooting Commands
For example:FPR2100 /eth-uplink # show detailEthernet Uplink:
Mode: Security NodeMAC Table Aging Time (dd:hh:mm:ss): 00:04:01:40VLAN Port Count Optimization: DisabledCurrent Task:
scope fabric aEnters the eth-uplink interface mode. From this mode, you can view port channel, statistics, and interfaceinformation.For example:FPR2100 /eth-uplink/fabric # show interfaceInterface:
Port Name Port Type Admin State Oper State State Reason-------------- ------------------ ----------- ---------------- ------------Ethernet1/1 Data Enabled Up UpEthernet1/2 Data Enabled Link Down DownEthernet1/3 Data Disabled Link Down DownEthernet1/4 Data Disabled Link Down DownEthernet1/5 Data Disabled Link Down DownEthernet1/6 Data Disabled Link Down DownEthernet1/7 Data Disabled Link Down DownEthernet1/8 Data Disabled Link Down DownEthernet1/9 Data Disabled Link Down DownEthernet1/10 Data Disabled Link Down DownEthernet1/11 Data Disabled Link Down DownEthernet1/12 Data Disabled Link Down DownEthernet1/13 Data Disabled Link Down DownEthernet1/14 Data Disabled Link Down DownEthernet1/15 Data Disabled Link Down DownEthernet1/16 Data Disabled Link Down DownEthernet2/1 Data Disabled Link Down DownEthernet2/2 Data Disabled Link Down DownEthernet2/3 Data Disabled Link Down DownEthernet2/4 Data Disabled Link Down DownEthernet2/5 Data Disabled Link Down DownEthernet2/6 Data Disabled Link Down DownEthernet2/7 Data Disabled Link Down DownEthernet2/8 Data Disabled Link Down Down
FPR2100 /eth-uplink/fabric # show port-channelPort Channel:
Port Channel Id Name Port Type Admin State OperState State Reason
--------------- ---------------- ------------------ --------------------------- ------------
1 Port-channel1 Data DisabledLink Down Down
FPR2100 /eth-uplink/fabric/port-channel # show statsEther Error Stats:
Time Collected: 2016-11-14T21:27:16.386Monitored Object: fabric/lan/A/pc-1/err-statsSuspect: NoRcv (errors): 0Align (errors): 0Fcs (errors): 0Xmit (errors): 0Under Size (errors): 0Out Discard (errors): 0Deferred Tx (errors): 0Int Mac Tx (errors): 0
FXOS CLI Troubleshooting Commands6
FXOS CLI Troubleshooting CommandsFXOS CLI Eth-Uplink Mode Troubleshooting Commands
Int Mac Rx (errors): 0Thresholded: Xmit Delta Min
Ether Loss Stats:Time Collected: 2016-11-14T21:27:16.386Monitored Object: fabric/lan/A/pc-1/loss-statsSuspect: NoSingle Collision (errors): 0Multi Collision (errors): 0Late Collision (errors): 0Excess Collision (errors): 0Carrier Sense (errors): 0Giants (errors): 0Symbol (errors): 0SQE Test (errors): 0Thresholded: 0
Ether Pause Stats:Time Collected: 2016-11-14T21:27:16.386Monitored Object: fabric/lan/A/pc-1/pause-statsSuspect: NoRecv Pause (pause): 0Xmit Pause (pause): 0Resets (resets): 0Thresholded: 0
Ether Rx Stats:Time Collected: 2016-11-14T21:27:16.386Monitored Object: fabric/lan/A/pc-1/rx-statsSuspect: NoTotal Packets (packets): 0Unicast Packets (packets): 0Multicast Packets (packets): 0Broadcast Packets (packets): 0Total Bytes (bytes): 0Jumbo Packets (packets): 0Thresholded: 0
Ether Tx Stats:Time Collected: 2016-11-14T21:27:16.386Monitored Object: fabric/lan/A/pc-1/tx-statsSuspect: NoTotal Packets (packets): 0Unicast Packets (packets): 0Multicast Packets (packets): 0Broadcast Packets (packets): 0Total Bytes (bytes): 0Jumbo Packets (packets): 0
FPR2100 /eth-uplink/fabric/interface # show statsEther Error Stats:
Time Collected: 2016-11-14T21:27:46.395Monitored Object: sys/switch-A/slot-1/switch-ether/port-1/err-statsSuspect: NoRcv (errors): 0Align (errors): 0Fcs (errors): 0Xmit (errors): 0Under Size (errors): 0Out Discard (errors): 0Deferred Tx (errors): 0Int Mac Tx (errors): 0Int Mac Rx (errors): 0Thresholded: Xmit Delta Min
Ether Loss Stats:Time Collected: 2016-11-14T21:27:46.395Monitored Object: sys/switch-A/slot-1/switch-ether/port-1/loss-statsSuspect: NoSingle Collision (errors): 0
FXOS CLI Troubleshooting Commands7
FXOS CLI Troubleshooting CommandsFXOS CLI Eth-Uplink Mode Troubleshooting Commands
Multi Collision (errors): 0Late Collision (errors): 0Excess Collision (errors): 0Carrier Sense (errors): 0Giants (errors): 7180Symbol (errors): 0SQE Test (errors): 0Thresholded: 0
Ether Pause Stats:Time Collected: 2016-11-14T21:27:46.395Monitored Object: sys/switch-A/slot-1/switch-ether/port-1/pause-statsSuspect: NoRecv Pause (pause): 0Xmit Pause (pause): 0Resets (resets): 0Thresholded: 0
Ether Rx Stats:Time Collected: 2016-11-14T21:27:46.395Monitored Object: sys/switch-A/slot-1/switch-ether/port-1/rx-statsSuspect: NoTotal Packets (packets): 604527Unicast Packets (packets): 142906Multicast Packets (packets): 339031Broadcast Packets (packets): 122590Total Bytes (bytes): 59805045Jumbo Packets (packets): 0Thresholded: 0
Ether Tx Stats:Time Collected: 2016-11-14T21:27:46.395Monitored Object: sys/switch-A/slot-1/switch-ether/port-1/tx-statsSuspect: NoTotal Packets (packets): 145018Unicast Packets (packets): 145005Multicast Packets (packets): 0Broadcast Packets (packets): 13Total Bytes (bytes): 13442404Jumbo Packets (packets): 0Thresholded: 0
FXOSCLIFabricInterconnectModeTroubleshootingCommandsUse the following fabric-interconnect mode FXOSCLI commands to troubleshoot issues with your Firepower2100 system.
show cardDisplays information on a fabric card.For example:FPR2100 /fabric-interconnect # show card detail expandFabric Card:
Id: 1Description: Cisco SSP FPR 2130 Base ModuleNumber of Ports: 16State: OnlineVendor: Cisco Systems, Inc.Model: FPR-2130HW Revision: 0Serial (SN): JAD2012091XPerf: N/AOperability: OperableOverall Status: Operable
FXOS CLI Troubleshooting Commands8
FXOS CLI Troubleshooting CommandsFXOS CLI Fabric Interconnect Mode Troubleshooting Commands
Power State: OnlinePresence: EquippedThermal Status: N/AVoltage Status: N/A
show imageDisplays all available images.firepower /firmware # show imageName Type Version--------------------------------------------- -------------------- -------cisco-ftd.6.2.0.131.csp Firepower Cspapp 6.2.0.131cisco-ftd.6.2.0.140.csp Firepower Cspapp 6.2.0.140cisco-ftd.6.2.0.175.csp Firepower Cspapp 6.2.0.175fxos-k8-fp2k-firmware.0.4.04.SPA Firepower Firmware 0.4.04fxos-k8-fp2k-lfbff.82.1.1.303i.SSA Firepower System 82.1(1.303i)fxos-k8-fp2k-npu.82.1.1.303i.SSA Firepower Npu 82.1(1.303i)fxos-k8-fp2k-npu.82.1.1.307i.SSA Firepower Npu 82.1(1.307i)fxos-k9-fp2k-manager.82.1.1.303i.SSA Firepower Manager 82.1(1.303i)
show packageDisplays all available packages.
firepower /firmware # show packageName Package-Vers--------------------------------------------- ------------cisco-ftd-fp2k.6.2.0.131-303i.SSA 6.2(0.131-303i)cisco-ftd-fp2k.6.2.0.140-307i.SSA 6.2(0.140-307i)cisco-ftd-fp2k.6.2.0.140-308i.SSA 6.2(0.140-308i)cisco-ftd-fp2k.6.2.0.175-311i.SSA 6.2(0.175-311i)cisco-ftd-fp2k.6.2.0.175-314i.SSA 6.2(0.175-314i)cisco-ftd-fp2k.6.2.0.175-318i.SSA 6.2(0.175-318i)cisco-ftd-fp2k.6.2.0.175-319i.SSA 6.2(0.175-319i)
show package package name expandDisplays the package details.
firepower /firmware # show package cisco-ftd-fp2k.6.2.0.131-303i.SSA expandPackage cisco-ftd-fp2k.6.2.0.131-303i.SSA:
Images:cisco-ftd.6.2.0.131.cspfxos-k8-fp2k-firmware.0.4.04.SPAfxos-k8-fp2k-lfbff.82.1.1.303i.SSAfxos-k8-fp2k-npu.82.1.1.303i.SSAfxos-k9-fp2k-manager.82.1.1.303i.SSA
scope auto-installEnters the auto-install mode. From this mode, you can view the current FXOS upgrade state.
firepower /firmware/auto-install # showFirmware Auto-Install:
Package-Vers Oper State Upgrade State------------ ---------------------------- -------------6.2(0.175-319i) Scheduled Installing Application
scope firmwareEnters the firmware mode. From this mode, you can view download task information.For example:
FPR2100 /firmware # show download-taskDownload task:
File Name Protocol ServerPort Userid State--------- --------
--------------- ---------- --------------- -----
FXOS CLI Troubleshooting Commands9
FXOS CLI Troubleshooting CommandsFXOS CLI Fabric Interconnect Mode Troubleshooting Commands
cisco-ftd-fp2k.6.2.0.175-314i.SSA Scp 172.29.191.780 danp Downloaded
cisco-ftd-fp2k.6.2.0.175-318i.SSA Scp 172.29.191.780 danp Downloaded
cisco-ftd-fp2k.6.2.0.175-319i.SSA Scp 172.29.191.780 danp Downloaded
scope download-taskEnters the download-task mode. From this mode, you can view additional details about each downloadtask and restart the download task.For example:Download task:
File Name: test.SSAProtocol: ScpServer: 172.29.191.78Port: 0Userid: userPath: /tmpDownloaded Image Size (KB): 0Time stamp: 2016-11-15T19:42:29.854State: FailedTransfer Rate (KB/s): 0.000000Current Task: deleting downloadable test.SSA on
local(FSM-STAGE:sam:dme:FirmwareDownloaderDownload:DeleteLocal)firepower /firmware/download-task # show fsm statusFile Name: test.SSA
FSM 1:Remote Result: End Point FailedRemote Error Code: ERR MO Illegal Iterator StateRemote Error Description: End point timed out. Check for IP, port, password,
disk space or network access related issues.#Status: Download FailPrevious Status: Download FailTimestamp: 2016-11-15T19:42:29.854Try: 2Progress (%): 0Current Task: deleting downloadable test.SSA on
local(FSM-STAGE:sam:dme:FirmwareDownloaderDownload:DeleteLocal)
firepower /firmware/download-task # restartPassword:
scope psuEnters the power supply unit mode. From this mode, you can view detailed information about the powersupply unit.For example:
FPR2100 /chassis # show psu expand detailPSU:
PSU: 1Overall Status: Powered OffOperability: UnknownPower State: OffPresence: EquippedVoltage Status: UnknownProduct Name: Cisco Firepower 2000 Series AC 400W Power SupplyPID: FPR2K-PWR-AC-400VID: V01Vendor: Cisco Systems, IncSerial (SN): LIT2010CAFEType: ACFan Status: OkPSU: 2
FXOS CLI Troubleshooting Commands10
FXOS CLI Troubleshooting CommandsFXOS CLI Fabric Interconnect Mode Troubleshooting Commands
Overall Status: OperableOperability: OperablePower State: OnPresence: EquippedVoltage Status: OkProduct Name: Cisco Firepower 2000 Series AC 400W Power SupplyPID: FPR2K-PWR-AC-400VID: V01Vendor: Cisco Systems, IncSerial (SN): LIT2010CAFEType: ACFan Status: Ok
FXOS CLI Security Services Mode Troubleshooting CommandsUse the following security services (ssa) mode FXOS CLI commands to troubleshoot issues with yourFirepower 2100 system.
show appDisplays information about the applications attached to you Firpower 2100 device.For example:firepower /ssa # show appApplication:
Name Version Description Author Deploy Type CSP Type Is Default App
---------- ---------- ----------- ---------- ----------- ----------- --------------
ftd 6.2.0.131 N/A cisco Native Application Noftd 6.2.0.140 N/A cisco Native Application Noftd 6.2.0.175 N/A cisco Native Application Yes
FXOS CLI Troubleshooting Commands11
FXOS CLI Troubleshooting CommandsFXOS CLI Security Services Mode Troubleshooting Commands
FXOS CLI Troubleshooting Commands12
FXOS CLI Troubleshooting CommandsFXOS CLI Security Services Mode Troubleshooting Commands