05-26-2010 09:00 PM - edited 03-11-2019 10:51 AM
I have a Cisco ASA 5505 that randomly crashes multiple times through out the day. I cannot seem to find any logical cause but a simple reboot of the box always does the trick. I have used the ASA at multiple locations without a problem. Any suggestions would grealy be appriciated. Attached is a copy of the show inter face where I notice there are a lot of collisions and switch ingress policy errors.
Invalid password
Password:
Invalid password
Password: *********
asaCordova# sh int
Interface Vlan1 "inside", is up, line protocol is up
Hardware is EtherSVI
MAC address 001d.70ff.9e5a, MTU 1500
IP address XXXXXXXXXXX, subnet mask 255.255.255.0
Traffic Statistics for "inside":
115157 packets input, 14118751 bytes
169911 packets output, 178912595 bytes
3418 packets dropped
1 minute input rate 7 pkts/sec, 482 bytes/sec
1 minute output rate 2 pkts/sec, 165 bytes/sec
1 minute drop rate, 3 pkts/sec
5 minute input rate 3 pkts/sec, 249 bytes/sec
5 minute output rate 2 pkts/sec, 229 bytes/sec
5 minute drop rate, 0 pkts/sec
Interface Vlan2 "outside", is up, line protocol is up
Hardware is EtherSVI
MAC address 001d.70ff.9e5a, MTU 1500
IP address XXXXXXXXXXX, subnet mask 255.255.255.252
Traffic Statistics for "outside":
170159 packets input, 179273047 bytes
109526 packets output, 14101464 bytes
109 packets dropped
1 minute input rate 0 pkts/sec, 115 bytes/sec
1 minute output rate 0 pkts/sec, 68 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 1 pkts/sec, 181 bytes/sec
5 minute output rate 1 pkts/sec, 95 bytes/sec
5 minute drop rate, 0 pkts/sec
Interface Vlan3 "dmz", is down, line protocol is down
Hardware is EtherSVI
MAC address 001d.70ff.9e5a, MTU 1500
IP address unassigned
Traffic Statistics for "dmz":
0 packets input, 0 bytes
0 packets output, 0 bytes
0 packets dropped
1 minute input rate 0 pkts/sec, 0 bytes/sec
1 minute output rate 0 pkts/sec, 0 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 0 pkts/sec, 0 bytes/sec
5 minute output rate 0 pkts/sec, 0 bytes/sec
5 minute drop rate, 0 pkts/sec
Interface Vlan4 "", is down, line protocol is down
Hardware is EtherSVI
Available but not configured via nameif
MAC address 001d.70ff.9e5a, MTU not set
IP address unassigned
Interface Ethernet0/0 "", is up, line protocol is up
Hardware is 88E6095, BW 100 Mbps
Auto-Duplex(Half-duplex), Auto-Speed(100 Mbps)
Available but not configured via nameif
MAC address 001d.70ff.9e52, MTU not set
IP address unassigned
170665 packets input, 182471369 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 L2 decode drops
509 switch ingress policy drops
109522 packets output, 16535936 bytes, 0 underruns
43 output errors, 41 collisions, 0 interface resets
0 babbles, 0 late collisions, 218 deferred
0 lost carrier, 0 no carrier
0 rate limit drops
0 switch egress policy drops
Interface Ethernet0/1 "", is up, line protocol is up
Hardware is 88E6095, BW 100 Mbps
Auto-Duplex(Half-duplex), Auto-Speed(100 Mbps)
Available but not configured via nameif
MAC address 001d.70ff.9e53, MTU not set
IP address unassigned
118687 packets input, 17131100 bytes, 0 no buffer
Received 6116 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 L2 decode drops
2 switch ingress policy drops
168268 packets output, 181885596 bytes, 0 underruns
197 output errors, 197 collisions, 0 interface resets
0 babbles, 0 late collisions, 55 deferred
0 lost carrier, 0 no carrier
0 rate limit drops
0 switch egress policy drops
Interface Ethernet0/2 "", is down, line protocol is down
Hardware is 88E6095, BW 100 Mbps
Auto-Duplex, Auto-Speed
Available but not configured via nameif
MAC address 001d.70ff.9e54, MTU not set
IP address unassigned
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 L2 decode drops
0 switch ingress policy drops
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collisions, 0 deferred
0 lost carrier, 0 no carrier
0 rate limit drops
0 switch egress policy drops
Interface Ethernet0/3 "", is down, line protocol is down
Hardware is 88E6095, BW 100 Mbps
Auto-Duplex, Auto-Speed
Available but not configured via nameif
MAC address 001d.70ff.9e55, MTU not set
IP address unassigned
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 L2 decode drops
0 switch ingress policy drops
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collisions, 0 deferred
0 lost carrier, 0 no carrier
0 rate limit drops
0 switch egress policy drops
Interface Ethernet0/4 "", is down, line protocol is down
Hardware is 88E6095, BW 100 Mbps
Auto-Duplex, Auto-Speed
Available but not configured via nameif
MAC address 001d.70ff.9e56, MTU not set
IP address unassigned
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 L2 decode drops
0 switch ingress policy drops
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collisions, 0 deferred
0 lost carrier, 0 no carrier
0 rate limit drops
0 switch egress policy drops
Interface Ethernet0/5 "", is down, line protocol is down
Hardware is 88E6095, BW 100 Mbps
Auto-Duplex, Auto-Speed
Available but not configured via nameif
MAC address 001d.70ff.9e57, MTU not set
IP address unassigned
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 L2 decode drops
0 switch ingress policy drops
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collisions, 0 deferred
0 lost carrier, 0 no carrier
0 rate limit drops
0 switch egress policy drops
Interface Ethernet0/6 "", is down, line protocol is down
Hardware is 88E6095, BW 100 Mbps
Auto-Duplex, Auto-Speed
Available but not configured via nameif
MAC address 001d.70ff.9e58, MTU not set
IP address unassigned
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 L2 decode drops
0 L2 decode drops
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collisions, 0 deferred
0 lost carrier, 0 no carrier
0 rate limit drops
0 switch egress policy drops
Interface Ethernet0/7 "", is down, line protocol is down
Hardware is 88E6095, BW 100 Mbps
Auto-Duplex, Auto-Speed
Available but not configured via nameif
MAC address 001d.70ff.9e59, MTU not set
IP address unassigned
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 L2 decode drops
0 switch ingress policy drops
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collisions, 0 deferred
0 lost carrier, 0 no carrier
0 rate limit drops
0 switch egress policy drops
asaCordova#
05-26-2010 09:47 PM
By crash do you mean reboot of the box? If yes then this is probably a software defect and you should open a TAC case for them to decode it and tell you what it is.
If the ASA stalls and needs a reboot to come back it could be memory, cpu. you would need "sh blocks", "sh cpu", "sh mem" to see if you are running high in any of those.
I hope it helps.
PK
05-28-2010 02:56 PM
I did that and it seems to be fine. Nothing is running out of control. I have used this ASA at other sites and it has worked fine.
05-28-2010 05:18 PM
By crash do you mean reboot of the box? If yes then this is probably a software defect and you should open a TAC case for them to decode the "sh crashinfo" output and tell you what it is.
PK
06-17-2010 05:30 AM
What version of code are you running? Is anything special going on when the firewall 'crashes', i.e. make acl changes etc? What do you mean by crash, do you me reboots? Do you have a crashinfo file, you can check this by do a 'show crashinfo'? Are you doing any monitoring of the firewall? If so what does your memory and cpu usage look like? Do they spike at the time of the crash?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide