Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1819
Views
0
Helpful
2
Replies

Problems with 6500 Sup720 and FWSM

branfarm1
Level 4
Level 4

‎09-24-2009 11:57 AM - edited ‎03-06-2019 07:52 AM

Hi there,

I just received a 6506E with Sup720-3B and a FWSM. I went through the documentation (http://www.cisco.com/en/US/docs/security/fwsm/fwsm22/configuration/guide/switch.html) to configure my switch and FWSM, and I'm having no luck getting the switch to be able to ping the FWSM, or vice-versa.

Just to review what I've done so far:

1. Added L2 vlan 100 for MSFC--FWSM connectivity.

2. Added L3 SVI for vlan100, with the IP 10.5.17.2 /29

3. Added firewall vlan groups:

--firewall vlan-group 1 100

--firewall module 1 vlan-group 1

4. Added interface on FWSM, with the IP 10.5.17.4/29

5. Allowed icmp for testing purposes:

icmp permit any inside

All interfaces show as up, but nothing is communicating between the two devices.

In the logs, I'm seeing these errors:

Sep 24 19:27:46.488 UTC: %PM_SCP-SP-2-LCP_FW_ERR_INFORM: Module 1 is experiencing the following error: Bus Asic #0 out of sync error

I tried resetting the firewall by using this command: hw-module mod 1 reset and when I did, I saw these errors:

Sep 24 19:50:15.417 UTC: %ONLINE-SP-6-INITFAIL: Module 1: Failed to synchronize Port asic

Sep 24 19:50:15.429 UTC: %C6KPWR-SP-4-DISABLED: power to module in slot 1 set off (Module Failed SCP dnld)

Sep 24 19:51:01.738 UTC: %ONLINE-SP-6-INITFAIL: Module 1: Failed to synchronize Port asic

Sep 24 19:51:01.750 UTC: %C6KPWR-SP-4-DISABLED: power to module in slot 1 set off (Module Failed SCP dnld)

Sep 24 19:51:47.962 UTC: %ONLINE-SP-6-INITFAIL: Module 1: Failed to synchronize Port asic

Sep 24 19:51:47.974 UTC: %C6KPWR-SP-4-DISABLED: power to module in slot 1 set off (Module Failed SCP dnld)

Sep 24 19:52:34.426 UTC: %ONLINE-SP-6-INITFAIL: Module 1: Failed to synchronize Port asic

Sep 24 19:52:34.438 UTC: %C6KPWR-SP-4-DISABLED: power to module in slot 1 set off (Module Failed SCP dnld)

The FWSM is in slot 1 and the Sup720 is in Slot 6. I tried reseating the FWSM, but nothing changed.

Has anyone seen these errors before? Any ideas what they could mean?

Thanks in advance,

Brandon

Labels:
0 Helpful
2 Replies 2

yjdabear
VIP Alumni
VIP Alumni

‎09-24-2009 12:15 PM

Looks like bad hardware. RMA the FWSM.

0 Helpful

branfarm1
Level 4
Level 4
In response to yjdabear

‎09-29-2009 02:22 PM

Do you think it's the FWSM, or could it possibly be the Supervisor or Chassis backplane?

I don't necessarily think the FWSM is bad because I tested it in a second chassis, and it worked fine. It worked in every single slot in the chassis.

Let me see if I can explain this:

I have two chassis, Chassis-A and Chassis-B, each chassis has a FWSM, X6066-SLB-APC, X6748-GE-TX, X6724-SFP, and Sup720-3B.

If I take all of the modules from Chassis A and put them in Chassis B, everything seems to work fine. If I take the Sup720 from Chassis-A, and put it in Chassis-B, with all of the line cards that were with Chassis-B to begin with, I see errors on the FWSM. If I run Chassis-A with all of the original modules, I see errors on the FWSM.

For the heck of it, I tried rotating the modules in Chassis-B, with the supervisor from Chassis-A, to see what happened. I had the modules installed in the slots top down, in the order FWSM, CSM, 6724-SFP, 6748-GE, blank, Sup720-3B.

As I rotated the modules around I saw these errors:

Initial state (FWSM in slot 1)

Mar 9 10:59:24.956 UTC: %FABRIC-SP-6-TIMEOUT_ERR: Fabric in slot 6 reported timeout error for channel 0 (Module 1, fabric connection 0)

Test 1 (FWSM in slot 2)

Mar 9 11:20:21.342 UTC: %FABRIC-SP-6-TIMEOUT_ERR: Fabric in slot 6 reported timeout error for channel 1 (Module 2, fabric connection 0)

Mar 9 11:21:20.894 UTC: %C6KPWR-SP-4-DISABLED: power to module in slot 2 set off (Fabric channel errors)

Mar 9 11:21:56.730 UTC: %ONLINE-SP-6-INITFAIL: Module 2: Failed to synchronize Port asic

Mar 9 11:21:56.742 UTC: %C6KPWR-SP-4-DISABLED: power to module in slot 2 set off (Module Failed SCP dnld)

Test 2 (FWSM in Slot 3)

Mar 9 11:39:47.432 UTC: %ONLINE-SP-6-INITFAIL: Module 3: Failed to synchronize Port asic

Mar 9 11:39:47.448 UTC: %C6KPWR-SP-4-DISABLED: power to module in slot 3 set off (Module Failed SCP dnld)

Test 3 (FWSM in slot 4)

Mar 9 11:43:49.909 UTC: %FABRIC-SP-6-TIMEOUT_ERR: Fabric in slot 6 reported timeout error for channel 3 (Module 4, fabric connection 0)

Mar 9 11:44:28.186 UTC: %FABRIC-SP-6-TIMEOUT_ERR: Fabric in slot 6 reported timeout error for channel 3 (Module 4, fabric connection 0)

Test 4 (FWSM in Slot 5)

No errors, oddly enough

Test 5 (FWSM back in slot 1)

Mar 9 12:08:00.973 UTC: %C6KPWR-SP-4-DISABLED: power to module in slot 1 set off (Module Failed SCP dnld)

Is it possible I'm doing something wrong here? Am I not waiting long enough for the modules to initialize and synchronize? How long should it normally take? Also, I know the FWSM is a CEF256 card -- does that pose any problem when using CEF720 cards with Sup720-3B?

Thanks in advance,

Brandon

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card