
ASA 5525-X interface down after upgrade

hash2k2
Level 1

Hi,

On Friday I tried to upgrade to asa9-14-2-15 and asa9-14-2-13.

Currently we are on asa9-14-1-30. Because of the newly published vulnerabilities I wanted to upgrade.

It is a failover cluster. After pushing the file to the machines and putting it in the first row of boot system, I reloaded the second / passive ASA.

But the inside interface does not come up after the reboot. I tried it twice and then used the "lower" version 9-14-2-13 with the same result.

Then turned back to 9-14-1-30 and the interface came up again. Because it was late I stopped trying.

Do you have any idea?

The interface did not get a "shutdown" with the upgrade.

The inside and outside interfaces are in the "module 1", DESCR: "ASA 5525-X Interface Card 6-port GE SFP, SX/LX". But just the inside interface was down.

5 Replies

balaji.bandi
Hall of Fame

Looks to me like some kind of bug, or the command syntax might have changed, since you confirmed that rolling back to the old version still works.

What kind of logs do you see on the switch side? Is anything error-disabled?

You can try this command if it is not already configured on the interface:

speed nonegotiate

Also, I suggest reading the release notes:

https://www.cisco.com/c/en/us/td/docs/security/asa/asa914/release/notes/asarn914.html

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

On the switch interface I just see up and down repeatedly:

Apr 30 20:56:44.627: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/14, changed state to down
Apr 30 20:56:45.628: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/14, changed state to down
Apr 30 20:56:48.138: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/14, changed state to up
Apr 30 20:56:50.449: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/14, changed state to down
Apr 30 20:56:53.210: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/14, changed state to up
Apr 30 20:56:54.211: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/14, changed state to up
Apr 30 20:57:26.076: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/14, changed state to down
Apr 30 20:57:27.078: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/14, changed state to down
Apr 30 20:57:31.427: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/14, changed state to up

The interface does not have "speed nonegotiate" configured yet.

I will try this.

In the release notes I cannot find any information regarding this topic.

Okay, tested with setting speed to 1000 hard-coded on firewall and switch side, but this does not help.

I have two SFP modules in gigabitethernet 1/0 and 1/1. Both are down after a reboot with version 9.14.2.13 and 9.14.2.15.

Manually writing "no shutdown" on the interfaces turns them on immediately. This seems to be a bug.

I have downgraded back to 9.14.130 again and interfaces are up after booting.

That definitely looks like a bug.

Please raise a TAC case if you have support - it will help confirm and prioritize a resolution.

Thanks for sharing the information. Raise a TAC case to assist better (until you want to try any newer version for testing).

BB
