cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
485
Views
0
Helpful
7
Replies

asa 5540 7.2.5 upgrade, errdisable on Catalyst 4000 L3 Switch

snelbakersg
Level 1
Level 1

Please help trying to upgrade asa 5540 7.2.2 to 7.2.5 and the upgrade works although Cat Switch reports errdisable on the port the firewall is plugged into on the switch. Tried shutdown no shutdown on the port nothing would bring the port online.  switch back to 7.2.2 on the 5540 and shutdown no shutdown works bring the port back online.  Trying to address an audit concern.

Thanks if anyone can help!!!

Steve

7 Replies 7

Nagaraja Thanthry
Cisco Employee
Cisco Employee

Hello,

Can you please collect the output of "show interfaces status err-disabled"

from the switch when you upgrade the code to 7.2.5? It will tell us the root

cause for errdisable state.

Regards,

NT

I am unable to provide that.  It is in production and currently working on 7.2.2.

Hello,

Did you have any logs on the switch when the issue was happening? Also, do

you have port-security configured on the switch?

Regards,

NT

No logs.  I can see that someone in the past tried the same for 7.2.4 and was unable to get the upgrade to work.  This is the port settings on the cat 4000 switch.

interface GigabitEthernet5/1
description LANADV
switchport access vlan 5
switchport mode access
speed 100
duplex full

Hello,

Most likely the reason was due to excessive interface flapping. I see that

you have set the speed/duplex to fixed values under the switch interface.

Can you set it to auto and try the upgrade again? Other than that, without

the switch logs or the "show interfaces status err-disabled" output, it

becomes hard to identify the root cause.

Regards,

NT

I will try again soon and do what you suggested and  gather logs.  Very odd this is happenning.  5505 5510 ran into no issues.  Thanks for you help sorry I could not give you more info.

I tried this weekend with setting the switch port and 5540 to Auto, 1000, 100 and had the same result when upgrading to 7.2.5.  Here is the output from the err-desable:

GigabitEthernet5/1 is down, line protocol is down (err-disabled)
  Hardware is Gigabit Ethernet Port, address is 001b.54e9.3520 (bia 001b.54e9.3520)
  Description: LANADV
  MTU 1500 bytes, BW 100000 Kbit, DLY 10 usec,
     reliability 255/255, txload 164/255, rxload 10/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Full-duplex, 100Mb/s, link type is auto, media type is 10/100/1000-TX
  input flow-control is off, output flow-control is off
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:14, output never, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/2000/0/0 (size/max/drops/flushes); Total output drops: 14101544
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 4164000 bits/sec, 3869 packets/sec
  5 minute output rate 64639000 bits/sec, 6457 packets/sec
     107249879393 packets input, 39354857607339 bytes, 0 no buffer
     Received 18810865 broadcasts (18808974 multicast)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 input packets with dribble condition detected
     164044013874 packets output, 191290841727280 bytes, 0 underruns
     2542 output errors, 946 collisions, 0 interface resets
     0 babbles, 2542 late collision, 0 deferred
     0 lost carrier, 0 no carrier
     0 output buffer failures, 0 output buffers swapped out

Thanks,

Steve

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: