Cisco Bug: CSCvu38795 - FTD firewall unit cannot join the cluster after a traceback due to invalid interface GOID entry

Last Modified

Oct 05, 2020

Products (1)

  • Cisco ASA 5500-X Series Firewalls

Known Affected Releases

9.12(2.151)

Description (partial)

Symptom:
In rare cases, after a firewall traceback, the unit that crashed cannot rejoin the cluster:
firepower# cluster enable
Detected Cluster Master.
Beginning configuration replication from Master.
WARNING: Local user database is empty and there are still 'aaa' commands for 'LOCAL'.
..
Cryptochecksum (unchanged): 978cdf7a b61b156a 30f57549 42437c19
Abort configuration replication from Master.
Cluster disable is performing cleanup..done.
All data interfaces have been shutdown due to clustering being disabled. To recover either enable clustering or remove cluster group configuration.


The show cluster history output shows:
firepower# show cluster history | i CLI
DISABLED              ELECTION              Enabled from CLI
SLAVE_CONFIG          DISABLED              Disabled from CLI

To verify the root cause, check the following:
firepower# show cluster info goid interface

Additional verification on the Master unit:
firepower# show cluster info goid interface

goid  : 0x1201831
    pinned: No
    object: 0x0000000000000000           <---
    key   :
        String: single_vf
        String: INSIDE

or:
firepower# debug propagate-link-state 255

Related messages
Master unit-1-1:
cluster_send_lsp_info_internal Failed to sync LSP state to unit 0
Slave unit-2-1:
cluster_rpc_lsp: Unable to find inline pair interfaces idb1=0x0000000000000000 idb2=0x00002b2fedd742a0
cluster_rpc_lsp: Unable to find inline pair interfaces idb1=0x0000000000000000 idb2=0x00002b2fedd742a0

Conditions:
A policy deployment on the firewall involves an interface configuration modification, and the firewall (Master) has a traceback during the configuration replication.
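
An added example (not Cisco's code and not part of the original bug text): a Python check that parses show cluster info goid interface output in the layout shown above and reports interface GOID entries whose object pointer is all zeros, the line this page marks with <---. The function names and the first sample entry are assumptions constructed for illustration.

```python
import re

NULL_OBJECT = 0  # object: 0x0000000000000000, the line the page marks with <---

# Constructed sample: the second entry mirrors the one shown on this page;
# the first entry (goid, pointer and key values) is invented for contrast.
SAMPLE_OUTPUT = """\
goid  : 0x1201830
    pinned: No
    object: 0x00002b2fedd70010
    key   :
        String: single_vf
        String: OUTSIDE

goid  : 0x1201831
    pinned: No
    object: 0x0000000000000000           <---
    key   :
        String: single_vf
        String: INSIDE
"""

def parse_goid_entries(text):
    """Split 'show cluster info goid interface' output into one dict per GOID."""
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if m := re.match(r"goid\s*:\s*(0x[0-9a-fA-F]+)", line):
            current = {"goid": m.group(1), "object": None, "key": []}
            entries.append(current)
        elif current is None:
            continue  # prompt or banner lines before the first entry
        elif m := re.match(r"object\s*:\s*(0x[0-9a-fA-F]+)", line):
            current["object"] = int(m.group(1), 16)
        elif m := re.match(r"String\s*:\s*(\S+)", line):
            current["key"].append(m.group(1))
    return entries

def find_invalid_goids(text):
    """Return entries whose object pointer is null (the condition in this bug)."""
    return [e for e in parse_goid_entries(text) if e["object"] == NULL_OBJECT]

if __name__ == "__main__":
    for e in find_invalid_goids(SAMPLE_OUTPUT):
        print(f"invalid GOID {e['goid']} key={'/'.join(e['key'])}")
```

Run it against output captured from the Master unit; an empty result means no interface GOID entry with a null object was found in that capture.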