I am deploying a redundant pair of ASA 5545X Firewalls and using the ASA-IC-6GE-SFP-C fiber card to provide fiber optic interconnectivity to the firewals and for failover capabilities (The firewalls are located across the campus from eachother)
The cards are installed, and detected in a show version, but I'm having issues with getting interfaces to link. Taking the campus fiber out of the picture I've been bench testing the firewalls using a single pair of singe mode fiber, and two GLC-LX-SMD's. Testing port by port, I get link on some but not others. Raised a TAC and RMAd the hardware assuming bad cards. Received my Replacement cards today, but the situation is even worse. Three out of six of the ports are not giving link on both cards. And, they are the SAME ports in botth cards. I've wiped my config, rolled back the OS (from 9.1(2) to 8.6, and back again). Yes, all the ports are "no shut" and the fiber tests good because I get link on working ports, and also I get link between the friewalls and a switch on one of the working ports.
The odd thing is, if I test the ports while the firewalls are powering up, I get link across all ports no problem. Once the OS has loaded, I'm back to 50% failure.
I know this is very new hardware. We have used other models of the 5500X Series in other sites, but this is the first time with the 5545X and using the
Is there something I"m missing that's important about these cards? I'm going to have to either raise another TAC, or append my existing TAC to the current status.
Any help that anybody can give would be greatly appreciated.
I had found, after several hours of trial and error, that the problem was with the off-brand (RE Non Cisco) SFP Modules that my vendor had sent (We did in fact order GLC-LH-SMD, but the sent us a compatible module by mistake). We do know this to be an issue with other devices, which is why we always order the genuine Cisco SFP modules to avoid this problem.
I discovered this when I tested the connections using some genuine GLC-LH-SM's I had brought with me from my. These worked in 100% of the ports. The odd thing that was throwing me off was that the non-genuine SFPs seemed only to be working in the odd-numbered ports.
It would appear that the Fiber module for the ASA5500-X is very sensitive to using off-brand SFPs,
I contacted my vendor and had them resolve the mis-shipped SPF modules. Everything has been solid since.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :