Cisco Bug: CSCuo48593 - ASA with SFP+4GE-SSM sends flow-control packets at line rate
Apr 16, 2020
- Cisco ASA 5500-X Series Firewalls
Known Affected Releases
8.4(7) 8.4(7.3) 9.1(1) 9.1(3) 9.1(5)
Symptom: If the interface that flowcontrol is enabled is SFP (fiber) on 4GE-SSM, and ASA version is higher than 22.214.171.124, flowcontrol frames might be continuously transmitted out that interface at a high rate, regardless of traffic utilization. If the ASA's are running in failover mode, both will send the frames regardless of the role. Adjacent devices to the ASA receive huge amount of flowcontrol and link utilization goes high to 75% even there is no traffic being transmitted to the ASA's port. Using the following command on adjacent device every few second shows if it are receiving flowcontrol frames from the directly-connected device: Switch#show flowcontrol interface gigabitEthernet <interface name> Switch#show interfaces gigabitEthernet <interface name> Conditions: To encounter this problem all of the following conditions must be met: 1. ASA (standalone or failover) version 8.4(7) or higher 2. Using SFP fiber port on the 4GE-SSM card (the onboard Gi0/X ports are not affected by this problem) 3. Using 4GE-SSM module 4. Enabling flow-control on a Gi1/X port If all of these conditions are met, the ASA might generate flow-control frames out the configured Gi1/X port at a high rate.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases