Dear all,
We received a new 5525-X appliance this week and after verifying that it powered without issue on the bench, I racked it and began applying a very basic config to test.
I decided to setup the FirePower (SFR) module via ASDM but found that the config would not apply. This was due to me forgetting to patch the MGMT interface. After reconnecting this interface and reapplying the config, the appliance locked up, the alarm LED illuminated and the boot LED was flashing. I had a console session open and this was unresponsive. Unfortunately I didn't capture any of this data as my laptop then blue screened!
I power cycled the ASA but the alarm LED came on almost immediately. I factory reset the appliance's config but this made no difference.
There is nothing unusual from the output of show controller pci. Show environment shows two alarm contacts and a driver error. However a working ASA 5525-X also shows the Ioctl error and is not displaying the alarm LED:
ALARM CONTACT 1
Status: not asserted
Description: external alarm contact 1
Severity: minor
Trigger: closed
ALARM CONTACT 2
Status: not asserted
Description: external alarm contact 2
Severity: minor
Trigger: closed
Driver Information:
--------------------
Status : RUNNING
Driver Error Statistics:
-------------------------
I2C I/O Errors : 0
GPIO Errors : 0
Ioctl Null Ptr Errors : 0
Poll Errors : 0
Invalid Ioctl Errors : 1
PECI Errors : 0
Unknown Errors : 0
Last 5 Errors:
---------------
ciscoasa#
I tried to fsck the flash after shutting down the modules and this found differences in the boot sector but was unable to repair these as the disk was busy:
ciscoasa# sh module all
Mod Card Type Model Serial No.
---- -------------------------------------------- ------------------ -----------
0 ASA 5525-X with SW, 8 GE Data, 1 GE Mgmt, AC ASA5525 FCH21467N2S
ips Unknown N/A FCH21467N2S
cxsc Unknown N/A FCH21467N2S
sfr FirePOWER Services Software Module ASA5525 FCH21467N2S
Mod MAC Address Range Hw Version Fw Version Sw Version
---- --------------------------------- ------------ ------------ ---------------
0 005d.735b.b480 to 005d.735b.b489 3.1 2.1(9)8 9.8(2)
ips 005d.735b.b47e to 005d.735b.b47e N/A N/A
cxsc 005d.735b.b47e to 005d.735b.b47e N/A N/A
sfr 005d.735b.b47e to 005d.735b.b47e N/A N/A 6.2.2-81
Mod SSM Application Name Status SSM Application Version
---- ------------------------------ ---------------- --------------------------
ips Unknown No Image Present Not Applicable
cxsc Unknown No Image Present Not Applicable
sfr ASA FirePOWER Not Applicable 6.2.2-81
Mod Status Data Plane Status Compatibility
---- ------------------ --------------------- -------------
0 Up Sys Not Applicable
ips Down Not Applicable
cxsc Down Not Applicable
sfr Down Not Applicable
Mod License Name License Status Time Remaining
---- -------------- --------------- ---------------
ips IPS Module Disabled perpetual
ciscoasa#
ciscoasa# fsck flash:
umount: /mnt/disk0: target is busy.
(In some cases useful info about processes that use
the device is found by lsof(8) or fuser(1))
dosfsck 2.11, 12 Mar 2005, FAT32, LFN
There are differences between boot sector and its backup.
Differences: (offset:original/backup)
65:01/00
Not automatically fixing this.
/dev/sdb1: 59 files, 830312/2011280 clusters
mount: /dev/sdb1 is already mounted or /mnt/disk0 busy
/dev/sdb1 is already mounted on /mnt/disk0
fsck of flash: complete
ciscoasa#
I'm concerned about the differences between boot sector and its backup. Could this have been corrupted when the appliance crashed? If so, is there a way to resolve the issue or is this an RMA to our Cisco supplier?
I have attached a copy of show tech-support.
Thanks,
Andy
