ASA Firewall going in bootloop

Jul 30th, 2010

Hi halijenn / experts

I have a query related to an ASA 5510 firewall running 8.2.2.16 going into a bootloop if I tried uploading the ASDM image to it. The following was visible while the firewall was booting up:

..WARNING: Enabling the logging flash-bufferwrap feature could cause a depletion of all available memory under high syslog rates. Please adjust your buffered logging level appropriately

Due to this, I booted the firewall into ROMMON and tried removing the logging flash-bufferwrap command. But while copying the startup config to the running config, the firewall rebooted again, as I believe the flash was full. Hence I modified the backup available with me, rebooted the firewall into ROMMON again and then copied the configuration. During the whole process I wanted to understand 3 things:

1) During the bootloop process I was getting the following:

Loading disk0:/asa822-16-k8.bin... Booting...
Platform ASA5510
Loading...

dosfsck 2.11, 12 Mar 2005, FAT32, LFN
Starting check/repair pass.
Starting verification pass.

I have never seen the below output. Is it normal? If yes, in what circumstances does it occur?

=======================

dosfsck 2.11, 12 Mar 2005, FAT32, LFN
Starting check/repair pass.
Starting verification pass.

============================

2) While copying the config, I configured "clear logging queue bufferwrap" so as to clear the saved logging buffers (ASDM logging buffer, internal logging buffer, FTP logging buffer, and flash logging buffer). Please let me know if this is the correct step to have taken. Had I configured clear logging asdm and clear logging buffer, what would have happened? By implementing the command "clear logging queue bufferwrap", a huge amount of space would have been cleared from the flash; please correct me if I am wrong (as I didn't check show flash after the ASA started working fine).

3) Should I have taken the "show crashinfo" output during this period? The reason I have not taken it is that during the bootloop, when I entered ROMMON, I tried putting a new ASA image (asa 8.0.3 and 8.2.2), however it didn't take and the firewall rebooted again; during the reboot it automatically generated the "show crashinfo" on the console (which I captured via PuTTY). My question is: is the crashinfo going to help me diagnose more, or should I consider the issue resolved as the firewall is functioning smoothly (and I obviously know that the flash didn't have space at that point of time) and not proceed further?

Magnus Mortensen Fri, 07/30/2010 - 05:14

Ankur,

     The Flash Bufferwrap logging *should not* cause the firewall to reload. That warning message is printed whenever the flash bufferwrap command is issued. You will see it during the startup since the command is run as part of your startup config. In order to determine why it crashed and reloaded you will need to open a service request and provide the engineer the output of 'show crash' from the ASA. Simply put, if the ASA crashes, for whatever reason, it is a bug and needs to be fixed. Once you open the case, a TAC engineer can identify the exact bug you hit and propose a build of code to fix that issue.

- Magnus

ankurs2008 Sat, 07/31/2010 - 01:47

Hi Magnus

Agreed, however the firewall's continuous booting stopped only by removing those commands. My aim was to stabilize the firewall for that particular moment. Please note that I was manually typing the complete config, and as soon as I typed logging flash-bufferwrap, the firewall booted again. I agree that the "sh crashinfo" will show the exact details, but does that mean that we should ignore the fact that as soon as I changed the config with "no logging flash-bufferwrap", I was able to complete the config and stabilize it?

Also request you to please clarify points 1 and 2 in my original post as well.

Magnus Mortensen Sat, 07/31/2010 - 08:39

To address 1 & 2:

1) From what I can see, part of the 8.2 code is to also do a flash filesystem check upon boot. Just like other operating systems do some sanity checks of the filesystem, we now do one as well. This does not appear to be present in the 8.0 and earlier builds. From the output provided, it looks like the process completed just fine.

2) The 'clear logging queue bufferwrap' command should only clear out the buffer in memory where we are storing log data waiting to be written to FLASH or written to FTP, etc. When the log buffer wraps, it is dumped into memory until either the flash buffer-wrap process or the FTP buffer-wrap process can write the saved buffer to flash or FTP, at which point it is removed from memory. It should have had no effect on the syslog buffer. 'clear logging buffer' would have cleared the log buffer (what you see when you issue 'show log') and 'clear logging asdm' would have cleared out the syslog buffer that is being sent to ASDM instances.

- Magnus

ankurs2008 Mon, 08/02/2010 - 04:13

Hi

Thanks for the reply. Let me know if I should collect the "sh crashinfo" now. The reason I configured the "clear logging queue bufferwrap" command is that when the firewall booted successfully for the first time and I entered privilege mode, I did a "sh flash" and what I saw was a huge no. of files queued there; as I continued pressing enter to see what else was stored in flash, there came an instance when the firewall hung again and started rebooting. Hence, I again went into ROMMON and booted the firewall so that I could configure the complete configuration manually (without any logging commands), followed by a "clear logging queue bufferwrap". Also, shall I implement the "clear logging buffer" command now? The reason I am asking this is that I am afraid of typing "sh flash" again, as it might contain those huge files (if still there) and the firewall may reboot again. Hence I want to clear everything in the flash, except the firewall config and the ASDM, ASA and AnyConnect images.

Magnus Mortensen Mon, 08/02/2010 - 20:08

Hello,

     You will definitely want to get the 'show crash' output and open a service request so we can decode the crash and dig up the reason for the reboot. It doesn't matter how many files are in flash, the box should simply not reload. A wise man once told me "any unexpected reboot/crash is a bug. End of story".

- Magnus
