我的 ASA 5516 突然停止工作。不再有 In/Outbound 流量,Ping 到内部和外部接口失败。
在设备运行超过 6 个月之前。
在问题发生时,系统日志中仅记录了丢弃消息,例如:
Jun 29 08:55:48 192.168.100.1 %ASA-4-733100: [ Scanning] drop rate-1 exceeded. Current burst rate is 2 per second, max configured rate is 10; Current average rate is 13 per second, max configured rate is 5; Cumulative total count is 7913,2018-06-29T08:55:48.000+0200
Jun 29 08:56:08 192.168.100.1 %ASA-4-733100: [ Scanning] drop rate-1 exceeded. Current burst rate is 2 per second, max configured rate is 10; Current average rate is 13 per second, max configured rate is 5; Cumulative total count is 7876,2018-06-29T08:56:08.000+0200
Jun 29 08:56:29 192.168.100.1 %ASA-4-733100: [ Scanning] drop rate-1 exceeded. Current burst rate is 3 per second, max configured rate is 10; Current average rate is 12 per second, max configured rate is 5; Cumulative total count is 7759,2018-06-29T08:56:29.000+0200
Jun 29 08:56:49 192.168.100.1 %ASA-4-733100: [ Scanning] drop rate-1 exceeded. Current burst rate is 2 per second, max configured rate is 10; Current average rate is 12 per second, max configured rate is 5; Cumulative total count is 7709,2018-06-29T08:56:49.000+0200
Jun 29 08:57:09 192.168.100.1 %ASA-4-733100: [ Scanning] drop rate-1 exceeded. Current burst rate is 2 per second, max configured rate is 10; Current average rate is 12 per second, max configured rate is 5; Cumulative total count is 7606,2018-06-29T08:57:09.000+0200
Jun 29 08:57:09 192.168.100.1 %ASA-4-733100: [ Scanning] drop rate-2 exceeded. Current burst rate is 0 per second, max configured rate is 8; Current average rate is 10 per second, max configured rate is 4; Cumulative total count is 36538,2018-06-29T08:57:09.000+0200
Jun 29 08:57:29 192.168.100.1 %ASA-4-733100: [ Scanning] drop rate-1 exceeded. Current burst rate is 3 per second, max configured rate is 10; Current average rate is 12 per second, max configured rate is 5; Cumulative total count is 7504,2018-06-29T08:57:29.000+0200
Jun 29 08:57:49 192.168.100.1 %ASA-4-733100: [ Scanning] drop rate-1 exceeded. Current burst rate is 2 per second, max configured rate is 10; Current average rate is 12 per second, max configured rate is 5; Cumulative total count is 7417,2018-06-29T08:57:49.000+0200
Jun 29 08:58:09 192.168.100.1 %ASA-4-733100: [ Scanning] drop rate-1 exceeded. Current burst rate is 3 per second, max configured rate is 10; Current average rate is 12 per second, max configured rate is 5; Cumulative total count is 7308,2018-06-29T08:58:09.000+0200
Jun 29 08:58:29 192.168.100.1 %ASA-4-733100: [ Scanning] drop rate-1 exceeded. Current burst rate is 3 per second, max configured rate is 10; Current average rate is 12 per second, max configured rate is 5; Cumulative total count is 7235,2018-06-29T08:58:29.000+0200
还有一条可疑消息,但这种情况持续了几个月
Jun 29 09:02:38 192.168.100.1 %ASA-3-341011: Storage device with serial number MSA2101XXXX in bay 0 faulty
我能够通过串行接口进入设备,在停机时我检查了默认网关的 ARP 缓存 - 记录是有效的。
在重新加载期间出现此消息:
Jun 29 10:09:50 192.168.100.1 %ASA-3-341008: Storage device not found. Auto-boot of module sfr cancelled. Install drive and reload to try again.
不确定,但存储设备可能会导致这种情况吗?
如果再次发生这种情况,您会建议做什么或尝试什么?
谢谢马特
xx-xx-asa01# show ver
Cisco Adaptive Security Appliance Software Version 9.7(1)
Firepower Extensible Operating System Version 2.1(1.66)
Device Manager Version 7.7(1)
Compiled on Mon 16-Jan-17 09:00 PST by builders
System image file is disk0:/asa971-lfbff-k8.SPA
Config file at boot was "startup-config"
xx-xx-asa01 up 3 days 4 hours
Hardware: ASA5516, 8192 MB RAM, CPU Atom C2000 series 2416 MHz, 1 CPU (8 cores)
Internal ATA Compact Flash, 8000MB
BIOS Flash M25P64 @ 0xfed01000, 16384KB
Encryption hardware device : Cisco ASA Crypto on-board accelerator (revision 0x1)
Number of accelerators: 1
1: Ext: GigabitEthernet1/1 : address is 70db.989d.bf2e, irq 255
2: Ext: GigabitEthernet1/2 : address is 70db.989d.bf2f, irq 255
3: Ext: GigabitEthernet1/3 : address is 70db.989d.bf30, irq 255
4: Ext: GigabitEthernet1/4 : address is 70db.989d.bf31, irq 255
5: Ext: GigabitEthernet1/5 : address is 70db.989d.bf32, irq 255
6: Ext: GigabitEthernet1/6 : address is 70db.989d.bf33, irq 255
7: Ext: GigabitEthernet1/7 : address is 70db.989d.bf34, irq 255
8: Ext: GigabitEthernet1/8 : address is 70db.989d.bf35, irq 255
9: Int: Internal-Data1/1 : address is 70db.989d.bf2d, irq 255
10: Int: Internal-Data1/2 : address is 0000.0001.0002, irq 0
11: Int: Internal-Control1/1 : address is 0000.0001.0001, irq 0
12: Int: Internal-Data1/3 : address is 0000.0001.0003, irq 0
13: Ext: Management1/1 : address is 70db.989d.bf2d, irq 0
14: Int: Internal-Data1/4 : address is 0000.0100.0001, irq 0
Licensed features for this platform:
Maximum Physical Interfaces : Unlimited perpetual
Maximum VLANs : 150 perpetual
Inside Hosts : Unlimited perpetual
Failover : Active/Active perpetual
Encryption-DES : Enabled perpetual
Encryption-3DES-AES : Enabled perpetual
Security Contexts : 2 perpetual
Carrier : Disabled perpetual
AnyConnect Premium Peers : 4 perpetual
AnyConnect Essentials : Disabled perpetual
Other VPN Peers : 300 perpetual
Total VPN Peers : 300 perpetual
AnyConnect for Mobile : Disabled perpetual
AnyConnect for Cisco VPN Phone : Disabled perpetual
Advanced Endpoint Assessment : Disabled perpetual
Shared License : Disabled perpetual
Total TLS Proxy Sessions : 1000 perpetual
Botnet Traffic Filter : Disabled perpetual
Cluster : Enabled perpetual
Cluster Members : 2 perpetual
VPN Load Balancing : Enabled perpetual
Serial Number: xx
Running Permanent Activation Key: 0xxxx 0xxxx 0xxxx 0xxxx 0xxxx
Configuration register is 0x10001
Image type : Release
Key Version : A
Configuration has not been modified since last system restart.