Guest

Preview Tool

Cisco Bug: CSCvt64270 - ASA is sending failover interface check control packets with a wrong destination mac address

Last Modified

Oct 05, 2020

Products (1)

  • Cisco ASA 5500-X Series Firewalls

Known Affected Releases

9.12(2) 9.8(4.17)

Description (partial)

Symptom:
+ The output of the show failover command, shows the data interfaces stuck in Normal (Waiting) status:

Interface 01-INT (x.x.x.x): Normal (Waiting)
Interface 02-INT (x.x.x.x): Normal (Waiting)
Interface 03-INT (x.x.x.x): Normal (Waiting)
Interface 04-INT (x.x.x.x): Normal (Waiting)
------------------------------------------------------------------------

+ ICMP traffic to peer failover IP don’t have any issue and have right destination mac.

+ ASA is sending failover interface check control packets with a wrong destination mac address.

Conditions:
+ASA Failover configured as Active/Standby

+The command "mac-address auto prefix" is configured in the ASA

+This issue has been seen only when Standby unit is reloaded
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.