asa 5540 7.2.5 upgrade, errdisable on Catalyst 4000 L3 Switch

Unanswered Question
Aug 23rd, 2010

Please help trying to upgrade asa 5540 7.2.2 to 7.2.5 and the upgrade works although Cat Switch reports errdisable on the port the firewall is plugged into on the switch. Tried shutdown no shutdown on the port nothing would bring the port online.  switch back to 7.2.2 on the 5540 and shutdown no shutdown works bring the port back online.  Trying to address an audit concern.

Thanks if anyone can help!!!


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Nagaraja Thanthry Mon, 08/23/2010 - 10:20


Can you please collect the output of "show interfaces status err-disabled"

from the switch when you upgrade the code to 7.2.5? It will tell us the root

cause for errdisable state.



snelbakersg Mon, 08/23/2010 - 10:23

I am unable to provide that.  It is in production and currently working on 7.2.2.

Nagaraja Thanthry Mon, 08/23/2010 - 10:26


Did you have any logs on the switch when the issue was happening? Also, do

you have port-security configured on the switch?



snelbakersg Mon, 08/23/2010 - 10:33

No logs.  I can see that someone in the past tried the same for 7.2.4 and was unable to get the upgrade to work.  This is the port settings on the cat 4000 switch.

interface GigabitEthernet5/1
description LANADV
switchport access vlan 5
switchport mode access
speed 100
duplex full

Nagaraja Thanthry Mon, 08/23/2010 - 10:39


Most likely the reason was due to excessive interface flapping. I see that

you have set the speed/duplex to fixed values under the switch interface.

Can you set it to auto and try the upgrade again? Other than that, without

the switch logs or the "show interfaces status err-disabled" output, it

becomes hard to identify the root cause.



snelbakersg Mon, 08/23/2010 - 10:56

I will try again soon and do what you suggested and  gather logs.  Very odd this is happenning.  5505 5510 ran into no issues.  Thanks for you help sorry I could not give you more info.

snelbakersg Mon, 09/20/2010 - 06:20

I tried this weekend with setting the switch port and 5540 to Auto, 1000, 100 and had the same result when upgrading to 7.2.5.  Here is the output from the err-desable:

GigabitEthernet5/1 is down, line protocol is down (err-disabled)
  Hardware is Gigabit Ethernet Port, address is 001b.54e9.3520 (bia 001b.54e9.3520)
  Description: LANADV
  MTU 1500 bytes, BW 100000 Kbit, DLY 10 usec,
     reliability 255/255, txload 164/255, rxload 10/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Full-duplex, 100Mb/s, link type is auto, media type is 10/100/1000-TX
  input flow-control is off, output flow-control is off
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:14, output never, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/2000/0/0 (size/max/drops/flushes); Total output drops: 14101544
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 4164000 bits/sec, 3869 packets/sec
  5 minute output rate 64639000 bits/sec, 6457 packets/sec
     107249879393 packets input, 39354857607339 bytes, 0 no buffer
     Received 18810865 broadcasts (18808974 multicast)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 input packets with dribble condition detected
     164044013874 packets output, 191290841727280 bytes, 0 underruns
     2542 output errors, 946 collisions, 0 interface resets
     0 babbles, 2542 late collision, 0 deferred
     0 lost carrier, 0 no carrier
     0 output buffer failures, 0 output buffers swapped out




This Discussion