05-02-2021 11:43 PM
Hi,
On Friday I tried to upgrade to asa9-14-2-15 and asa9-14-2-13.
Currently we are on asa9-14-1-30. Because of the newly published vulnerabilities I wanted to upgrade.
It is a failover cluster. After pushing the file to the machines and putting it in the first row of boot system, I reloaded the second / passive ASA.
But the inside interface does not come up after the reboot. I tried it twice and then used the "lower" version 9-14-2-13 with the same result.
Then I turned back to 9-14-1-30 and the interface came up again. Because it was late I stopped trying.
Do you have any idea?
The interface did not get a "shutdown" with the upgrade.
The inside and outside interfaces are in the "module 1", DESCR: "ASA 5525-X Interface Card 6-port GE SFP, SX/LX". But just the inside interface was down.
05-03-2021 12:17 AM
Looks to me like some kind of bug, or the command syntax might have changed, since you confirmed that rolling back to the old version still works.
What kind of logs do you see on the switch side? Is any error disabled?
You can try this command if not configured already on the interface.
speed nonegotiate
Also, I suggest reading the release notes:
https://www.cisco.com/c/en/us/td/docs/security/asa/asa914/release/notes/asarn914.html
05-03-2021 01:34 AM
On the switch interface I just see up and down repeatedly:
Apr 30 20:56:44.627: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/14, changed state to down
Apr 30 20:56:45.628: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/14, changed state to down
Apr 30 20:56:48.138: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/14, changed state to up
Apr 30 20:56:50.449: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/14, changed state to down
Apr 30 20:56:53.210: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/14, changed state to up
Apr 30 20:56:54.211: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/14, changed state to up
Apr 30 20:57:26.076: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/14, changed state to down
Apr 30 20:57:27.078: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/14, changed state to down
Apr 30 20:57:31.427: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/14, changed state to up
The interface does not have "speed nonegotiate" configured yet.
I will try this.
In the release notes I cannot find any information regarding this topic.
05-03-2021 10:51 AM
Okay, tested with setting speed to 1000 hard-coded on the firewall and switch side, but this does not help.
I have two SFP modules in gigabitethernet 1/0 and 1/1. Both are down after a reboot with version 9.14.2.13 and 9.14.2.15.
Manually writing "no shutdown" on the interfaces turns them on immediately. This seems to be a bug.
I have downgraded back to 9.14.130 again and interfaces are up after booting.
05-03-2021 11:24 AM
That definitely looks like a bug.
Please raise a TAC case if you have support - it will help confirm and prioritize a resolution.
05-04-2021 02:02 AM
Thanks for sharing the information. Raise a TAC case to get better assistance (until you want to try any newer version for testing).