Cisco Bug: CSCvd78303 - ARP functions fail after 213 days of uptime, drop with error 'punt-rate-limit-exceeded'
Jan 23, 2020
- Cisco ASA 5500-X Series Firewalls
Known Affected Releases
9.1(7.9) 9.2(4.15) 9.4(3.5) 9.4(4) 9.5(3) 9.6(2.1) 9.6(3) 9.7(1)
Symptom: An ASA, after reaching an uptime of roughly 213 days, will fail to process ARP packets, leading to a condition where all traffic eventually stops passing through the affected device. Since not all existing ARP entries time out at the same time, not all connections may fail at the same time.
Additional symptoms include:
- The ASA does not have ARP entries in its ARP table; the output of show arp is empty.
- The output of show asp drop and ASP drop captures indicate a rapidly increasing counter for punt-rate-limit exceeded, and the dropped packets are predominantly ARP.
IMAGES WITH FIXES
Images with fixes for this defect will be published as soon as they are available, and posted to the Cisco Software Download center.
Conditions: This is seen when the ASA's uptime reaches 213 days. This problem affects ASA and FTD versions:
- ASA version 9.1 releases 9.1(7)8 and higher
- ASA version 9.2 releases 9.2(4)15 and higher
- ASA version 9.4 releases 9.4(3)5 and higher including 9.4(4)
- ASA version 9.5 releases 9.5(3) and higher
- ASA version 9.6 releases 9.6(2)1 and higher including 9.6(3)
- ASA version 9.7 releases 9.7(1) and higher
- FTD version 6.1 releases 18.104.22.168 and higher
- FTD version 6.2 releases 6.2.0