Line protocol is down on Cisco Router / IOS 12.2

  • I have this error on a Cisco router running IOS version 12.2.

    This coincide with an error received on our alarming system saying that on this router we have an interface with "line protocol down". The interface seems to be admin down, but I don't know why.

    Are these 2 issues related? I don't see any other alarm at that time on the router. Can an interface be admin down without someone doing shutdown command on the interface?

    Router#show logging

    ...
    Jul 19 01:00:07.863 EDT: %RMON-5-FALLINGTRAP: Falling trap is generated because the value of ifOperStatus.8 has fallen below the falling-threshold value 1
    Jul 19 01:00:12.863 EDT: %RMON-5-RISINGTRAP: Rising trap is generated because the value of ifOperStatus.8 exceeded the rising-threshold value 2
    ...
    

    Router#show interfaces Gi1/8

    GigabitEthernet1/8 is administratively down, line protocol is down (disabled)
      Hardware is C7600 1Gb 802.3...
    ...
    

    I know the interface shows "shutdown, but from what I know nobody did this. Strange! "

    Router#show running-config interface Gi1/8
    Building configuration... 
    Current configuration : 250 bytes ! 
    interface GigabitEthernet1/8 
    description Connection to Firewall switchport 
    switchport access vlan 2 
    switchport mode access 
    logging event link-status 
    load-interval 30 
    shutdown 
    spanning-tree portfast 
    spanning-tree bpduguard enable 
    end 
    Router#
    

    The interface seems to be admin down, but I don't know why.

    Are these 2 issues related? I don't se

    I am also curious what's the conditions for Ethernet (Status) up/ (Line protocol) down. I frequent need to shut then no shut an Ethernet interface to get the line protocol back up.

    Please change `C7600 1Gb 802.3... ...` to say what the hardware actually is. Also, can you show the configuration for this port?

    how did you conclude that nobody configured gi1/8?

    I can see in the logs that (apparently) nobody connected to the router.

    Did anyone run any a SNMP query? Vulnerability scan? in a previous life a a security admin ran a vulnerability scan on my switches, it shut down the local managemnet ports. Took us hrs to figure out what happened? What does the log on the router say? Do you have a sysylog running?

    Did any answer help you? if so, you should accept the answer so that the question doesn't keep popping up forever, looking for an answer. Alternatively, you could provide and accept your own answer.

  • As a general rule, interfaces won't be "admin down" unless someone "shut" them. I've forgotten how they show up when errdisable kills a port -- but that would be on a switch.

    Look at show run int gi1/8 to see what it's current configured state is.

    [edit] Based on the current running interface configuration, someone intentionally shut it down. This could be done via CLI, web interface, or SNMP. How and by whom is not something the internet at large can answer.

    (also, you can (should) edit your question to add what you've provided here as comments)

    @RickyBeam, regarding "but that would be on a switch"... FYI the Cisco 7600 is mostly a Catalyst 6500 with different paint

    Err-disabled will usually show up like this: GigabitEthernet1/8 is administratively down, line protocol is down (err-disabled)

License under CC-BY-SA with attribution


Content dated before 7/24/2021 11:53 AM