Introduction to Cisco Firepower 9300 Faults
This chapter provides an overview of faults on the Cisco Firepower 9300. This chapter contains the following sections:
Overview of Faults
This section includes the following topics:
- About Faults on the Firepower 9300
- Fault Severities
- Fault Types
- Properties of Faults
- Lifecycle of Faults
- Fault Collection Policy
- Faults in Cisco Firepower Chassis Manager
About Faults on the Firepower 9300
On the Firepower 9300, a fault is a mutable object that is managed by the Cisco Firepower Chassis Manager. Each fault represents a failure in the Firepower 9300 instance or an alarm threshold that has been raised. During the lifecycle of a fault, it can change from one state or severity to another.
Each fault includes information about the operational state of the affected object at the time the fault was raised. If the fault is transitional and the failure is resolved, then the object transitions to a functional state.
A fault remains in Firepower Chassis Manager until the fault is cleared and deleted according to the settings in the fault collection policy.
You can view all faults on the Firepower 9300 from either the Cisco Firepower Chassis Manager CLI or the Cisco Firepower Chassis Manager Web Interface. You can also configure the fault collection policy to determine how a Firepower 9300 instance collects and retains faults.
Note: All Cisco Firepower 9300 faults can be trapped by SNMP.
Fault Severities
A fault raised on the Firepower 9300 can transition through more than one severity during its lifecycle. Table 1-1 describes the possible fault severities in alphabetical order.
Fault Types
A fault raised on the Firepower 9300 can be one of the types described in Table 1-2.
Properties of Faults
The Firepower Chassis Manager provides detailed information about each fault raised on the Firepower 9300. Table 1-3 describes the fault properties that can be viewed in the Cisco Firepower Chassis Manager CLI or the Cisco Firepower Chassis Manager Web Interface.
| | |
|---|---|
| | The current severity level of the fault. This can be any of the severities described in Table 1-1. |
| | The day and time on which the severity for the fault last changed. If the severity has not changed since the fault was raised, this property displays the original creation date. |
| | The component that is affected by the condition that raised the fault. |
| | Additional information about the fault state. This can be any of the states described in Table 1-4. |
| | The type of fault that has been raised. This can be any of the types described in Table 1-2. |
| | The unique identifier associated with the condition that caused the fault. |
| | The number of times the event that raised the fault occurred. |
| | The severity assigned to the fault on the first time that it occurred. |
Lifecycle of Faults
The faults on the Firepower 9300 are stateful, and a fault raised on the Firepower 9300 transitions through more than one state during its lifecycle. In addition, only one instance of a given fault can exist on each object. If the same fault occurs a second time, the Firepower 9300 increases the number of occurrences by one.
A fault has the following lifecycle:
1. A condition occurs in the system and the Firepower 9300 raises a fault in the active state.
2. If the fault is alleviated within a short period of time known as the flap interval, the fault severity remains at its original active value but the fault enters the soaking state. The soaking state indicates that the condition that raised the fault has cleared, but the system is waiting to see whether the fault condition reoccurs.
3. If the condition reoccurs during the flap interval, the fault enters the flapping state. Flapping occurs when a fault is raised and cleared several times in rapid succession. If the condition does not reoccur during the flap interval, the fault is cleared.
4. Once cleared, the fault enters the retention interval. This interval ensures that the fault reaches the attention of an administrator even if the condition that caused the fault has been alleviated, and that the fault is not deleted prematurely. The retention interval retains the cleared fault for the length of time specified in the fault collection policy.
5. If the condition reoccurs during the retention interval, the fault returns to the active state. If the condition does not reoccur, the fault is deleted.
When a fault is active, the additional lifecycle state information listed in Table 1-4 may be provided in the Status field of the fault notification.
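The lifecycle above, modelled as a small state machine that replays raise and clear events against a flap interval and a retention interval. This is an added example, not Cisco code: the class, method and event names are hypothetical, the sample events are constructed, and the sketch assumes that any clear of an active or flapping fault starts the soaking timer.

```python
from dataclasses import dataclass, field
INF = float("inf")

@dataclass
class Fault:
    flap: int            # flap interval (s), from the fault collection policy
    retention: int       # retention interval (s), from the same policy
    state: str = "none"
    occurrences: int = 0
    deadline: float = INF            # expiry of the running interval timer
    history: list = field(default_factory=list)

    def _set(self, t, state, deadline=INF):
        self.state, self.deadline = state, deadline
        self.history.append((t, state))

    def tick(self, now):
        """Apply interval expiries that fell due at or before `now`."""
        if self.state == "soaking" and now >= self.deadline:
            # No reoccurrence within the flap interval: cleared, retention starts.
            self._set(self.deadline, "cleared", self.deadline + self.retention)
        if self.state == "cleared" and now >= self.deadline:
            self._set(self.deadline, "deleted")

    def condition_raised(self, t):
        self.tick(t)
        if self.state == "deleted":      # old fault is gone; this is a new one
            self.occurrences = 0
        self.occurrences += 1            # one fault per object, counter goes up
        if self.state == "soaking":
            self._set(t, "flapping")     # reoccurred inside the flap interval
        elif self.state in ("none", "cleared", "deleted"):
            self._set(t, "active")       # first raise, or return from retention

    def condition_cleared(self, t):
        self.tick(t)
        if self.state in ("active", "flapping"):
            self._set(t, "soaking", t + self.flap)   # severity is unchanged

def replay(events, flap, retention, end):
    fault = Fault(flap, retention)
    for t, kind in events:
        (fault.condition_raised if kind == "raise" else fault.condition_cleared)(t)
    fault.tick(end)
    return fault

# Constructed sample: (seconds, event) for one fault on one object.
EVENTS = [(0, "raise"), (4, "clear"), (9, "raise"), (12, "clear"), (50, "raise"), (55, "clear")]
print(replay(EVENTS, flap=10, retention=60, end=200).history)
```

A monitoring pipeline that consumes fault notifications can use the same transitions to avoid paging on every flap and to avoid treating a cleared but still retained fault as resolved history.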
Fault Collection Policy
The fault collection policy controls the lifecycle of a fault on the Firepower 9300, including the length of time that each fault remains in the flapping and retention intervals.
Faults in Cisco Firepower Chassis Manager
Faults in Cisco Firepower Chassis Manager Web Interface
To view the faults for all objects in the system, navigate to the Overview page in the Cisco Firepower Chassis Manager Web Interface. Each fault severity is represented by a different icon. Above the fault listing you can see how many critical and major faults have occurred in the system. When you double-click a specific fault, the Cisco Firepower Chassis Manager Web Interface opens the Faults Properties dialog box and displays details for that fault.
Faults in Cisco Firepower Chassis Manager CLI
If you want to view the faults for all objects in the system, at the top-level scope, enter the show fault command. If you want to view faults for a specific object, scope to that object and then enter the show fault command.
If you want to view all of the available details about a fault, enter the show fault detail command.
Overview of the Finite State Machine
This section includes the following topics:
- About the Finite State Machine in Cisco Firepower Chassis Manager
- FSM Stage Names
- FSM in Cisco Firepower Chassis Manager
About the Finite State Machine in Cisco Firepower Chassis Manager
A finite state machine (FSM) is a workflow model, similar to a flow chart, that is composed of the following:
The current stage in the FSM is determined by past stages and the operations performed to transition between the stages. A transition from one stage to another stage is dependent on the success or failure of an operation.
Firepower Chassis Manager uses FSM tasks that run in the Data Management Engine (DME) to manage end points in the Firepower object model, including the following:
- Physical components (chassis, I/O module, servers)
- Logical components (LAN cloud, policies)
- Workflows (server discovery, service profile management, downloads, upgrades, backups)
The DME manages the FSM stages and transitions, and instructs the Application Gateway (AG) to perform operations on the managed end points. Therefore, each stage can be considered to be an interaction between the DME, the AG, and the managed end point. The AGs do the real work of interacting with managed end points.
When all of the FSM stages have run successfully, the Firepower 9300 considers that the FSM operation is successful.
If the FSM encounters an error or a timeout at a stage, the FSM retries that stage at scheduled intervals. When the retry count has been reached for that stage, the FSM stops and the Firepower Chassis Manager declares that the change has failed. If an FSM task fails, the Firepower Chassis Manager raises the appropriate faults and alarms.
Multiple FSM tasks can be associated with an end point. However, only one FSM task at a time can run. Additional FSM tasks for the same end point are placed in a queue and are scheduled to be run when the previous FSM task is either successfully completed or the task fails.
You can view the FSM details for a particular end point to determine if a task succeeded or failed. You can also use the FSM to troubleshoot any failures.
FSM Stage Names
The FSM stage names are constructed using the following notation:
FsmObjectWorkflowOperationWhere-is-it-executed
- Object is the object that the FSM is running, such as the Blade or Chassis.
- Workflow is the overall task being performed by the FSM, such as Discover or Association.
- Operation is the task being performed at a particular stage, such as Pnuos-Config.
- Where-is-it-executed is generally “”, or “A” or “B” or “Local” or “Peer”. If this is not specified, it is executed on the managingInst node.
Each FSM stage name has a prefix that identifies the FSM and a suffix that identifies a stage within the FSM. The prefix notation is FsmObjectWorkflow and the suffix notation is OperationWhere-is-it-executed. For example, if the FSM name is FsmComputeBladeDiscoverBmcInventory:
FSM in Cisco Firepower Chassis Manager
The Cisco Firepower Chassis Manager CLI can display the FSM information for an end point when you are in the command mode for that end point.
Enter the show fsm status command in the appropriate mode to view the current FSM task for an end point. The information displayed about a current FSM task in the CLI is static. You must re-enter the command to see the progress updates. The following example displays the information about the current FSM task for the server in chassis 1, slot 6:
Enter the show fsm task command in the appropriate mode to view all of the pending tasks in the FSM queue. The following example displays the FSM task queue for chassis 1, slot 1: