06-27-2011 02:29 PM - edited 03-08-2019 06:41 PM
Scenario 1:
Cisco manufacturing recently discovered an incorrectly downloaded version of BIOS firmware that has impacted a number of ASA-5585 products shipped to customers. Impacted products display much more verbiage on the console during boot-up before reaching a prompt (see the full boot-up output at the end of this document).
Contained within the output will be a message banner indicating the following:
CISCO SYSTEMS Spyker Build, TEST build not for Customer Release
Embedded BIOS Version 2.0(7)2 19:59:57 01/04/11
These are purely cosmetic messages and have no functional impact on the product’s operation.
Unfortunately, there is no field upgradeable resolution to eliminate these messages outside of replacing the hardware. The hardware is fully functional and the additional messages can be safely ignored.
Potentially affected units are those which match one of the following Product IDs AND whose Serial Number falls within the affected range. If your ASA does not match one of the below Product IDs, or if it does, but the Serial Number is not within the affected range, then it is not affected by this issue.
Orderable Product ID | Customer Visible Product (Displayed in the "show version" or "show module" output) |
ASA5585-S20-K8 | ASA5585-SSP-20 |
ASA5585-S20-K9 | ASA5585-SSP-20 |
ASA5585-S20P20-K8 | ASA5585-SSP-20 |
ASA5585-S20P20-K9 | ASA5585-SSP-20 |
ASA5585-S20P20XK9 | ASA5585-SSP-20 |
ASA5585-S20X-K9 | ASA5585-SSP-20 |
ASA-SSP-20-K8= | ASA5585-SSP-20 |
The serial number ranges below are potentially impacted by this cosmetic issue. Please note that not all serial numbers within these ranges are impacted.
JMX1449xxxx – JMX1520xxxx
JAF1450xxxx - JAF1516xxxx (for ASA-SSP-20-K8 only)
If your ASA-5585 Product ID matches one of the affected products, and your Serial Number (found in the show version output) matches the affected range, then you will need to attach a Console cable to the ASA and reboot it to see if your device has the incorrect BIOS version installed on it. If you are affected, see the Action section below.
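The check described above (Product ID match AND serial number in range, then the console banner as confirmation) can be run over an inventory export. This is an added example, not Cisco code. It assumes that "xxxx" in the ranges stands for four alphanumeric characters, that the range is compared on the four digits after the prefix, and that the JMX range applies to every listed Product ID; the function names and sample serials are constructed.

```python
import re

# Product IDs from the table on this page; the trailing "=" on the spare
# part number is stripped before comparison.
AFFECTED_PIDS = {
    "ASA5585-S20-K8", "ASA5585-S20-K9", "ASA5585-S20P20-K8",
    "ASA5585-S20P20-K9", "ASA5585-S20P20XK9", "ASA5585-S20X-K9",
    "ASA-SSP-20-K8",
}
# prefix -> (low, high, PIDs the range is limited to; None = all listed PIDs)
SERIAL_RANGES = {
    "JMX": (1449, 1520, None),
    "JAF": (1450, 1516, {"ASA-SSP-20-K8"}),
}
# Assumption: "xxxx" in the page's ranges stands for four alphanumerics.
SERIAL_RE = re.compile(r"([A-Z]{3})(\d{4})[0-9A-Z]{4}")
BANNER = "TEST build not for Customer Release"


def potentially_affected(pid, serial):
    """True only when the PID is listed AND the serial is inside a range."""
    pid = pid.strip().upper().rstrip("=")
    m = SERIAL_RE.fullmatch(serial.strip().upper())
    if pid not in AFFECTED_PIDS or m is None:
        return False
    rule = SERIAL_RANGES.get(m.group(1))
    if rule is None:
        return False
    low, high, only_pids = rule
    if only_pids is not None and pid not in only_pids:
        return False
    return low <= int(m.group(2)) <= high


def triage(pid, serial, console_capture=None):
    """Return the next step for one inventory row."""
    if not potentially_affected(pid, serial):
        return "not affected"
    if console_capture is None:
        return "reboot with console attached"
    if BANNER in console_capture:
        return "affected"
    return "in range, banner absent"


if __name__ == "__main__":
    # Constructed inventory rows; the serial numbers are made up.
    for row in [("ASA5585-S20-K9", "JMX1501L0AB"),
                ("ASA5585-S20-K9", "JAF1460L0AB"),
                ("ASA-SSP-20-K8=", "JAF1460L0AB")]:
        print(row, "->", triage(*row))
```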
Scenario 2:
A user is planning to migrate from the old, well-known PIX-525 to the ASA 5585. He is worried because a lot of services are running between the firewall and several networks. He decides to take a pair of ASA-5585s and replace the failover pair of PIXes.
He checked the documentation and understood that he may use Routed Firewall Mode with Equal-Cost Multi-Path Routing. But in the documentation he found that the majority of examples deal with only two segments, inside and outside (which is perfectly adequate for a DC). In his case, however, he has several DMZs on his PIX. Can he create DMZs in an ASA cluster? Would it be supported by the configuration?
Scenario 1:
For customers who have affected units, they may:
The following is an example of what appears on the console of an affected ASA-5585 when it boots:

The system is restarting...
Spyker MRC Build
MRC rev: 02110000
Memory behind processor 0 running at DDR3-1066
Memory behind processor 1 running at DDR3-1066
Command phase 0
Re-center RdDqs
Re-center WrDq
Re-run Rd Vref
RTL
A warning has been logged! Warning Code = 0x1A, Minor Warning Code = 0x0, Data = 0x23
Socket = 0 Channel = 0 DIMM = 0 Rank = 35
A warning has been logged! Warning Code = 0x1A, Minor Warning Code = 0x0, Data = 0x10023
Socket = 0 Channel = 1 DIMM = 0 Rank = 35
A warning has been logged! Warning Code = 0x1A, Minor Warning Code = 0x0, Data = 0x20023
Socket = 0 Channel = 2 DIMM = 0 Rank = 35
A warning has been logged! Warning Code = 0x1A, Minor Warning Code = 0x0, Data = 0x1000023
Socket = 1 Channel = 0 DIMM = 0 Rank = 35
A warning has been logged! Warning Code = 0x1A, Minor Warning Code = 0x0, Data = 0x1010023
Socket = 1 Channel = 1 DIMM = 0 Rank = 35
A warning has been logged! Warning Code = 0x1A, Minor Warning Code = 0x0, Data = 0x1020023
Socket = 1 Channel = 2 DIMM = 0 Rank = 35
MemTest latency 650 ms
MemInit latency 328 ms
Total MRC latency = 6031 ms
MRC latency - MemTest and MemInit = 5053 ms
DIMM location | dimmPresent | mapOut | Mfg. ID | Mfg. Date | DRAM Id | Part # | Ser#
_______________|_____________|________|_________|_______________|_________|__________________|_____
N0.C0.D0 | 1 | 0 | 407F | 2016 WW15 | 0000 |VR7VA567258FBAP1 | ....
N0.C0.D1 | 0
N0.C1.D0 | 1 | 0 | 407F | 2016 WW15 | 0000 |VR7VA567258FBAP1 | ....
N0.C1.D1 | 0
N0.C2.D0 | 1 | 0 | 407F | 2016 WW15 | 0000 |VR7VA567258FBAP1 | ....
N0.C2.D1 | 0
N1.C0.D0 | 1 | 0 | 407F | 2016 WW15 | 0000 |VR7VA567258FBAP1 | ....
N1.C0.D1 | 0
N1.C1.D0 | 1 | 0 | 407F | 2016 WW15 | 0000 |VR7VA567258FBAP1 | ....
N1.C1.D1 | 0
N1.C2.D0 | 1 | 0 | 407F | 2016 WW15 | 0000 |VR7VA567258FBAP1 | ....
N1.C2.D1 | 0
ICH_TCO_RLD=20
A20E Nmi Npx0 Dly P92 Sha0 Kbd0 Cmos Pci Dma0 PrtB Tim Exp Rfsh Geom Mem0 Mem1 Ebda Sha1 CacheE Admgr1 Memmgr1 AdmgrEbda Media LowBios CM2 Csm Cfg Sha2 LocalApic IoApics Smp0 Brd2 Therm Cache0 Driver PostDrv Dma1 Irq1 Vec Time0 Clk Brd4 Plx0 Kbd1 Speed Com Par PnP PciEnum BbsStart RomHeaders Vid1 VidHook Brd6 Plx1
No MPC found in slot 1.
CISCO SYSTEMS Spyker Build, TEST build not for Customer Release
Embedded BIOS Version 2.0(7)2 19:59:57 01/04/11
Com KbdBuf SMM UsbHid Msg0 Prompt Pmrt Cache1 LowM ExtM HugeM Cache2 Flg Siz0 Amrt PMM PciDev
PCI Device Table.
Bu Dv Fn Dev/Vend Class Irq| Bu Dv Fn Dev/Vend Class Irq
00 00 00 34068086 Host Bridge 5 | 00 01 00 34088086 Bridge to Bus 01 5
00 03 00 340A8086 Bridge to Bus 08 5 | 00 05 00 340C8086 Bridge to Bus 09 5
00 07 00 340E8086 Bridge to Bus 0A 5 | 00 09 00 34108086 Bridge to Bus 0B 5
00 0D 00 343A8086 Host Bridge | 00 0D 01 343B8086 Host Bridge
00 0D 02 343C8086 Host Bridge | 00 0D 03 343D8086 Host Bridge
00 0D 04 34188086 Host Bridge | 00 0D 05 34198086 Host Bridge
00 0D 06 341A8086 Host Bridge | 00 0D 07 341B8086 Host Bridge XX
00 0E 00 341C8086 Host Bridge | 00 0E 01 341D8086 Host Bridge
00 0E 02 341E8086 Host Bridge | 00 0E 03 341F8086 Host Bridge
00 0E 04 34398086 Host Bridge | 00 0F 00 34248086 Unknown Device
00 10 00 34258086 XT IRQ | 00 10 01 34268086 XT IRQ
00 11 00 34278086 XT IRQ | 00 11 01 34288086 XT IRQ
00 12 00 34348086 Communications XX | 00 12 01 34358086 Communications XX
00 12 02 34368086 IDE Controller XX | 00 12 03 34378086 16550 Serial XX
00 13 00 342D8086 IRQ Controller | 00 14 00 342E8086 XT IRQ
00 14 01 34228086 XT IRQ | 00 14 02 34238086 XT IRQ
00 14 03 34388086 XT IRQ | 00 15 00 342F8086 IRQ Controller
00 16 00 34308086 System XX | 00 16 01 34318086 System XX
00 16 02 34328086 System XX | 00 16 03 34338086 System XX
00 16 04 34298086 System XX | 00 16 05 342A8086 System XX
00 16 06 342B8086 System XX | 00 16 07 342C8086 System XX
00 1A 00 3A378086 Serial Bus 5 | 00 1A 01 3A388086 Serial Bus 10
00 1A 02 3A398086 Serial Bus 11 | 00 1A 07 3A3C8086 Serial Bus 11
00 1C 00 3A408086 Bridge to Bus 0C 10 | 00 1C 01 3A428086 Bridge to Bus 0D XX
00 1C 02 3A448086 Bridge to Bus 0E XX | 00 1C 03 3A468086 Bridge to Bus 0F XX
00 1C 04 3A488086 Bridge to Bus 10 10 | 00 1C 05 3A4A8086 Bridge to Bus 11 XX
00 1D 00 3A348086 Serial Bus 5 | 00 1D 01 3A358086 Serial Bus 10
00 1D 02 3A368086 Serial Bus 11 | 00 1D 07 3A3A8086 Serial Bus 5
00 1E 00 244E8086 Bridge to Bus 12 | 00 1F 00 3A168086 ISA Bridge
00 1F 03 3A308086 Serial Bus XX | 01 00 00 862410B5 Bridge to Bus 02 9
02 04 00 862410B5 Bridge to Bus 03 9 | 02 05 00 862410B5 Bridge to Bus 04 9
02 06 00 862410B5 Bridge to Bus 05 9 | 02 08 00 862410B5 Bridge to Bus 06 9
02 09 00 862410B5 Bridge to Bus 07 9 | 04 00 00 0010177D Unknown Device 5
05 00 00 0010177D Unknown Device 5 | 07 00 00 0010177D Unknown Device 5
08 00 00 10FC8086 Ethernet 5 | 08 00 01 10FC8086 Ethernet 10
0A 00 00 10FC8086 Ethernet 5 | 0A 00 01 10FC8086 Ethernet 10
0C 00 00 00561000 SCSI Controller 5 | 10 00 00 10D38086 Ethernet 5
11 00 00 10D38086 Ethernet 10 | 12 00 00 B80014E4 Network 5
12 01 00 811210B5 Bridge to Bus 13 10 | 13 00 00 860410B5 Bridge to Bus 14 5
14 01 00 860410B5 Bridge to Bus 15 5 | 14 04 00 860410B5 Bridge to Bus 16 5
14 05 00 860410B5 Bridge to Bus 17 5 |
PnpDsp Smbios Lpt0 Npx1 Apm Lp1 Acpi Typ Dbg Enb Mp MemReduce MemSync1 CallRoms MemSync2 DriveInit
USB storage device found ... SMART eUSB USB Device
BootOrder Err Setup MemSync3 Time1 Kbd2 Mfg Brd8 Plx2 Plx2_NULLPTR
Total memory : 12 GB
Total number of CPU cores : 16
CPLD revision 0008h
SerIrq Com Lp1 Admgr2 Brd10
Evaluating BIOS Options ...
Cisco Systems ROMMON Version (2.0(7)2) #0: Tue Jan 4 17:52:58 PST 2011
Management0/0
Link is UP
MAC Address: 5475.d029.8b18
Use ? for help.
Scenario 2:
Equal Cost Multi-path (ECMP) has some limitations on ASA, as do routing protocols in general. There is a tech note on ASA ECMP here and the routing protocol limitations are covered in the configuration guide.
The number of physical interfaces available on a 5585-X is up to 12 10/100/1000 Mbps and 8 10 Gbps physical interfaces, depending on the SSP type. The primary inside and outside interfaces plus the cluster control link(s) will use up some of those. He can use all of the rest for DMZs if his design needs that. He can further subdivide via subinterfaces (VLANs); the ASA 5585 supports up to 250 of those.