Preview Tool

Cisco Bug: CSCuo48593 - ASA with SFP+4GE-SSM sends flow-control packets at line rate

Last Modified

Apr 16, 2020

Products (1)

  • Cisco ASA 5500-X Series Firewalls

Known Affected Releases

8.4(7) 8.4(7.3) 9.1(1) 9.1(3) 9.1(5)

Description (partial)

If the interface that flowcontrol is enabled is SFP (fiber) on 4GE-SSM, and ASA version is higher than, flowcontrol frames might be continuously transmitted out that interface at a high rate, regardless of traffic utilization.

If the ASA's are running in failover mode, both will send the frames regardless of the role.

Adjacent devices to the ASA receive huge amount of flowcontrol and link utilization goes high to 75% even there is no traffic being transmitted to the ASA's port.

Using the following command on adjacent device every few second shows if it are receiving flowcontrol frames from the directly-connected device:

Switch#show flowcontrol interface gigabitEthernet <interface name>
Switch#show interfaces gigabitEthernet <interface name>

To encounter this problem all of the following conditions must be met:
1. ASA (standalone or failover) version 8.4(7) or higher
2. Using SFP fiber port on the 4GE-SSM card (the onboard Gi0/X ports are not affected by this problem)
3. Using 4GE-SSM module
4. Enabling flow-control on a Gi1/X port

If all of these conditions are met, the ASA might generate flow-control frames out the configured Gi1/X port at a high rate.
Bug details contain sensitive information and therefore require a account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.