Cisco ASA uptime over 200 days? You may need a reboot

This field notice was sent out at the end of last month.
Updated: Mar 30, 2017
Document ID: FN64291

NOTICE:

THIS FIELD NOTICE IS PROVIDED ON AN “AS IS” BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTY OF MERCHANTABILITY. YOUR USE OF THE INFORMATION ON THE FIELD NOTICE OR MATERIALS LINKED FROM THE FIELD NOTICE IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS FIELD NOTICE AT ANY TIME.

Revision History

Revision: 1.0
Date: 30-MAR-2017
Comment: Initial Public Release

Products Affected

CISCO FIREPOWER 6.1.0.1
CISCO FIREPOWER 6.1.0.2
CISCO FIREPOWER 6.2.0
ASA 9.1.7.11
ASA 9.1.7.12
ASA 9.1.7.13
ASA 9.1.7.15
ASA 9.1.7.9
ASA 9.2.4.15
ASA 9.2.4.17
ASA 9.2.4.18
ASA 9.4.3.11
ASA 9.4.3.12
ASA 9.4.3.6
ASA 9.4.3.8
ASA 9.4.4
ASA 9.4.4.2
ASA 9.5.3
ASA 9.5.3.1
ASA 9.5.3.2
ASA 9.5.3.6
ASA 9.6.2.1
ASA 9.6.2.11
ASA 9.6.2.13
ASA 9.6.2.2
ASA 9.6.2.3
ASA 9.6.2.4
ASA 9.6.2.7
ASA 9.6.3
ASA 9.7.1
ASA 9.7.1.2

Problem Description

All Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) devices that run the affected software versions do not pass network traffic after approximately 213 days 12 hours (~ 5,124 hours) of uptime.

In the near term, immediately reboot the deployed security appliances in order to prevent this issue.

Background

On March 29, 2017 Cisco became aware of an issue that affects all Cisco ASA and Cisco FTD security appliances that run certain versions of software. The affected versions of software cause the security appliance to stop passing network traffic after approximately 213 days 12 hours (~ 5,124 hours) of uptime.

The issue detailed in this Field Notice is not a security vulnerability and there is no associated risk to the integrity of the security appliance.

Problem Symptoms

The Cisco ASA and Cisco FTD security appliances stop passing all network traffic.

Entering the show asp drop command over the console port will indicate that packets are being dropped due to the reason punt-rate-limit-exceeded.

Workaround/Solution

In order to mitigate the risk and impact of the device not passing network traffic, Cisco urges customers to proactively reboot their Cisco ASA and Cisco FTD security appliances that run affected versions of the software.

For customers with failover configurations, it is recommended to reboot the standby devices first, make them active after they complete booting, and then reboot the formerly active devices. Customers with clustering configurations should remove one slave at a time from the cluster, reboot them, and rejoin them until each slave has been rebooted. Then, move the master to one of the rebooted devices and then remove that device from the cluster, reboot it, and then have it rejoin.

The reboot of the security appliance must be performed prior to 213 days 12 hours of uptime. After the reboot, the security appliance avoids an encounter with this issue for another 213 days 12 hours.

Enter the show version | grep up command in order to display the uptime of the security appliance.

The output is shown here:

ciscoasa# show version | grep up
Config file at boot was "startup-config"
ciscoasa up 210 days 11 hours
failover cluster up 210 days 11 hours
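
The uptime check can be scripted for a fleet of devices. The following is an added example, not part of Cisco's field notice: it parses the show version | grep up output shown above and compares the device's own uptime with the 5,124-hour limit. The function names, the status labels and the 14-day planning margin are assumptions of this example.

```python
import re

# From the field notice: traffic stops after ~213 days 12 hours (~5,124 hours).
LIMIT_HOURS = 213 * 24 + 12
# Hours per unit; counting a year as 365 days is an assumption of this example.
UNIT_HOURS = {"year": 365 * 24, "day": 24, "hour": 1, "min": 1 / 60, "sec": 1 / 3600}

# The device's own line is "<hostname> up <n> <unit> ..."; requiring a single-token
# hostname keeps "failover cluster up ..." and "Config file ..." from matching.
UPTIME_LINE = re.compile(r"^(?P<host>\S+) up (?P<rest>\d.*)$")
UNIT_TOKEN = re.compile(r"(\d+) (year|day|hour|min|sec)s?\b")


def device_uptime_hours(output):
    """Return (hostname, uptime in hours) from 'show version | grep up' output."""
    for line in output.splitlines():
        m = UPTIME_LINE.match(line.strip())
        tokens = UNIT_TOKEN.findall(m.group("rest")) if m else []
        if tokens:
            return m.group("host"), sum(int(n) * UNIT_HOURS[u] for n, u in tokens)
    raise ValueError("no device uptime line found")


def assess(output, margin_hours=14 * 24):
    """Classify a device against the limit. margin_hours is an operator-chosen
    planning window (an assumption of this example, not a Cisco value)."""
    host, up = device_uptime_hours(output)
    remaining = LIMIT_HOURS - up
    if remaining <= 0:
        status = "overdue"        # past the point where traffic stops
    elif remaining <= margin_hours:
        status = "reboot-now"     # inside the planning window
    else:
        status = "ok"
    return {"host": host, "uptime_hours": up, "hours_remaining": remaining, "status": status}


# Sample output copied from the notice above.
SAMPLE = """ciscoasa# show version | grep up
Config file at boot was "startup-config"
ciscoasa up 210 days 11 hours
failover cluster up 210 days 11 hours
"""

if __name__ == "__main__":
    print(assess(SAMPLE))
```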

The device can be rebooted with one of these methods.

For ASA security appliances:
CLI – Enter the reload command in privileged mode.
ASDM GUI – Choose Tools > System Reload.

For FTD security appliances:
CLI – Enter the reboot command in privileged mode.
Firepower Management Center – Choose Devices > Device Management, double-click FTD, then choose the Device tab. In the System section, click the Restart Device icon.

For both ASA and FTD security appliances, a physical power-cycle can be used in order to perform a reboot.

Updated ASA and FTD software versions that address this issue will be published in the coming weeks and will be available from the Cisco Software Download Center.

CDETS

To follow the bug ID link below and see detailed bug information, you must be a registered customer and you must be logged in.

CSCvd78303 (registered customers only): ARP functions fail after 213 days of uptime, drop with error ‘punt-rate-limit-exceeded’

http://www.cisco.com/c/en/us/support/docs/field-notices/642/fn64291.html

Meraki Wireless Announces New Solutions for Hospitality

Like many other industries, hospitality is undergoing a digital transformation. Guest WiFi access has gone from being an amenity–and something that would simply enhance the guest experience–to being just one of many services that are critical to meeting guests’ needs. Today, properties are swarming with devices, having grown more than 3X since 2012 to an average of 3.5 devices per room. Today, Cisco Meraki is announcing an expansion to our wireless and switch portfolio and solutions designed specifically for the hospitality industry, as well as new products applicable to the broader market.

In hospitality, it’s not enough to simply support the increased device density. Properties must differentiate by developing services such as rapid, personalized check-in, location-assisted experiences, and increased guest attentiveness. WiFi in particular, and the network in general, provide the critical backbone to innovate and deliver these services.

The new Meraki MR30H simplifies wireless for hotels, dorms, and multi-dwelling units. 802.11ac Wave 2 technology delivers robust wireless access in challenging RF environments, and its small form-factor with integrated four-port gigabit Ethernet switch enables deployments in a range of environments without the need to deploy an additional tabletop Ethernet switch. Additionally, integrated location analytics deliver insights into client behavior such as foot traffic, dwell time, and repeat visit rates, and Bluetooth low energy (BLE) powers advanced location applications such as those leveraging beacons.

The new Cisco Meraki MR30H Cloud Managed Wireless Access Point

Along with the MR30H, we are introducing the MR33, an 802.11ac Wave 2 2×2 MIMO access point. It’s similar to the MR32 (including built-in location analytics and Bluetooth low energy), but in a smaller form factor and at a lower price.

Meraki is also announcing a major expansion of our switch portfolio, with the introduction of the MS225 and MS250 families. Available in 24-port and 48-port models, both families support physical and virtual stacking, PoE+, and feature 10 GbE SFP+ uplinks. Both are fully compatible with previous generation Meraki switch families, and additionally the MS250 supports the same layer 3 routing technology featured in the Meraki MS350 line. Naturally, these new switches are ideal to support the increased device density seen in hospitality and many other industries.

All of these new products are available to order today. If you’re curious to learn more about them, register for a wireless webinar or switch webinar and see what they’re all about!

– December 6, 2016

Original blog post here: http://blogs.cisco.com/wireless/meraki-new-solutions-hospitality

How to Select an IT Consultant

Selecting an IT consultant is a critical element for ensuring success in contemporary business. As a source of accurate and relevant information, your IT consultant can assist in broadening your company’s knowledge base. By bringing a top-shelf consultant on board, you can feel confident that you are making well-informed IT decisions for your business going forward.

Cisco Express Collaboration Specialization

Forte has achieved the Cisco Express Collaboration Specialization recognizing our ability to deliver the Business Edition 6000 platform.  Unifying voice, instant messaging, presence, video, and contact center functions, the Business Edition 6000 provides device independent collaboration for your entire organization.

Learn more by calling us at 510-525-3000!

Top Cisco Partner

Forte was named one of the Top Cisco Partners in the US for the recently completed Cisco fiscal year! As a member of Cisco’s Winner’s Circle, we were among the top 30 partners for exceptional sales growth.  This year has been one of fantastic growth for us.  Our deep partnership with Cisco has allowed us to deliver fully integrated Data Center, Collaboration, Infrastructure, Wireless, and Security solutions to our clients.