Cisco - PIX Hardware Troubleshooting
Contents
1. 1 Fan starts operating 2 Console messages start appearing 3 Power LED is lit 4 Console prompt is seen 5 ACT and or Network LED on Network Interface Card s NICs is lit You may also want to verify the following Does the disk drive work for earlier PIX models with disk drives e Does the drive light come on for earlier PIX models with disk drives e Is the problem observed with no or light traffic through the PIX Suggested Solution if Fan Does Not Start Operating e Check the power source and the power switch on the PIX e Try changing power outlets Cisco PIX Hardware Troubleshooting e If you are using an Uninterrupted Power Supply UPS verify whether or not the PIX works if it is not connected to a UPS e Try another device in the suspect outlet Suggested Solution if Console Messages Do Not Appear e Is the console cable the correct one To make sure it s the correct one check whether or not the console cable and the PC serial port work on another device such as a Cisco IOS router If another device is not available compare the ends of the cable side by side The cable should be rolled with the wire colors exactly reversed If necessary also check whether or not the console port works with a different PC e Apply the correct terminal emulator settings for console connections e The memory in the PIX might not be seated properly If this is the case the fan functions but the PIX itself does not Verify th2. 1M Extended RAM Passed 0512K Cache SRAM Passed System BIOS shadowed PIX BIOS 4 0 38 Tue Apr 27 12 45 23 PDT 1999 timhahn irp view5 vws dry timhahn trunk loader Platform PIX 515 Flash i28F640J5 0x300 Use BREAK or ESC to interrupt flash boot Reading 1528320 bytes of image from flash HERE EE HEE EH 32MB RAM Flash i28F640J5 0x300 HE aE EE EE HE EE HE EE EE EE EE EE EE EE EE EE EEE E HE HE HE H BIOS Flash AT29C257 Oxfffd8000 mcwa i82559 Ethernet at irq 11 MAC 0050 54fe ea30 mcwa i82559 Ethernet at irq 10 MAC 0050 54fe ea31 mcwa i82558 Ethernet at irq 7 MAC 0090 2742 fbbe Il Il cl TP1lseetbllildls ciscoSystems Private Internet eXchang Cisco PIX Firewall Cisco PIX Firewall Version 6 2 1 Licensed Features Failover Enabled VPN DES Enabled VPN 3DES Enabled Maximum Interfaces 6 Cut through Proxy Enabled Guards Enabled URL filtering Enabled Inside Hosts Unlimited Throughput Unlimited IKE peers Unlimited KKK KKK KKK KKK KK KKK KKK KKK KKK KK KK Warning KKK KK KKK KK KKK KKK KKK KKK KKK KKK KKK Compliance with U S Export Laws and Regulations Encryption This product performs encryption and is regulated for export Cisco PIX Hardware Troubleshooting by the US Government This product is not authorized for use by persons located outside the United States and Canada that do not have prior approval from Cis
3. Cisco PIX Hardware Troubleshooting Cisco PIX Hardware Troubleshooting Table of Contents PIX Hardware Troubleshooting a sasissarsivenisnssanscnniinaseamiconinaniaiaiinnisaaienciunonneieie Tanoan r E onnscatpsseney seauesanosdauenoue anes eneenespieewanees Ts AS E E E E E O EAN Sale E oO Retiree Hardware arid Software VerSiON 8 xss ccssasncsssisescssinsscessseseessanesayansevcessuseves sans EERUN KEO onan ves avinennsvinsee PT Perak O0 Co nA TEETE NA Tete ruta rn the ESE creier E A E da Aten PIX Hardware Troubleshooting Introduction Prerequisites Hardware and Software Versions PIX Boot Sequence Identifying the Issue PIX Hang PIX Crash PIX Crash and Boot Loop Example System Messages Normal PIX Operation non PIX 1GE 66 Message on the PIX Only One NIC Used Summary Related Information Introduction This document helps troubleshoot potential hardware issues with the Cisco Secure PIX Firewall series It can help to identify which component may be causing a hardware failure depending on the type of error that the PIX is experiencing PIX does not support Online Insertion and Removal OIR and needs a minimum of two interfaces for normal operation Prerequisites Readers of this document should consider the following e Identify the software version running on the PIX Use the show version command to determine the software release on the PIX Tip Connect your PC to the console port of the PIX using a rolle
4. at the memory is seated properly e Check whether or not the PIX finds the flash and RAM at this stage See the sample output for PIX under normal operation If you still have issues after checking the above you might have a faulty unit Suggested Solution if Power LED Is Not Lit e Check the power source If the fan is operating but the LED is not lit it could be an LED issue Suggested Solution if ACT and or Network LED on NIC Card s Is Not Lit e Check whether or not the network cable is connected Make sure a straight through cable is used for hub or switch connection otherwise a crossover cable is used e Try changing cables e Try reseating swapping the NICs o If there are more than two NICs does the PIX boot without problem when the third NIC is removed or if the NICs are swapped e If you are still having troubles check for any Field Notices available for your NIC or PIX Firewall model Identifying the Issue In powering on the PIX may experience one of the following possible issues e PIX Hang There is no output on the serial console such as no PIX EXEC prompt or no response to input on the serial console Cisco PIX Hardware Troubleshooting e PIX Crash The PIX experiences a reboot or reload while either doing a specific action or randomly e PIX Crash and Boot Loop The PIX can be stuck in a continuous loop with an error message scrolling PIX Hang If you suspect a PIX hang check to see i
5. co Systems Inc or the US Government This product may not be exported outside the US and Canada either by physical or electronic means without PRIOR approval of Cisco Systems Inc or the US Government Persons outside the US and Canada may not re export resell or transfer this product by either physical or electronic means without prior approval of Cisco Systems Inc or the US Government KEKKKKKKKKKKKKKKKKKA KKK KKK KKK KK Warning KEKKK KKK KKK KKK KKKKKKK KKK KKK KK KK Copyright c 1996 2002 by Cisco Systems Inc Restricted Rights Legend Use duplication or disclosure by the Government is subject to restrictions as set forth in subparagraph c of the Commercial Computer Software Restricted Rights clause at FAR sec 52 227 19 and subparagraph c 1 11 of the Rights in Technical Data and Computer Software clause at DFARS sec 252 227 7013 Cisco Systems Inc 170 West Tasman Drive San Jose California 95134 1706 Cryptochecksum unchanged d32550f0 c52eaalb 952dabc8 6e7b6ea3 199002 PIX startup completed Beginning operation Type help or for a list of available commands non PIX 1GE 66 Message on the PIX WARNING A non PIX 1GE 66 Gigabit Ethernet card was found in slot 0 WARNING This combination is not recommended and will reduce the overall WARNING performance of the system Remove this card and replace it with WARNING a PIX 1GE 66 Gigabit Ethernet card for optimal performance Sol
6. d cable and apply the correct terminal emulator settings for console connections e Identify the PIX model If you are running software version 5 0 1 or later you can find the model by using the show version command pixfirewall config show version Cisco PIX Firewall Version 6 2 1 lt output deleted for brevity gt pixfirewall up 22 hours 15 mins Hardware PIX 515 32 MB RAM CPU Pentium 200 MHz If you are running a software version below 5 0 1 look at the physical unit to see what model it is Hardware installation guides for the respective software versions contain screen shots of various PIX Cisco PIX Hardware Troubleshooting models e How long did the PIX work before you started having trouble e What has changed RAM upgrade software upgrade since the PIX last worked Hardware and Software Versions The information in this document applies to all Cisco Secure PIX Firewall series including the platforms listed below e 501 e 506 506E e 510 e 520 e 515 515E e 525 e 535 PIX Boot Sequence This section describes the steps that a PIX completes when it is powered on Use it to verify that the basic PIX hardware components are working correctly to ensure minimal operation For a PIX that is is functioning normally the following sequence of events takes place when the PIX is powered on Follow the steps in the order listed using the suggested solutions listed below to help you resolve any issues
7. f any specific event such as a high load may have caused the hang In such a case a reload normally clears the problem If the PIX hangs frequently capture the output of the show traffic command at regular intervals Note that you should issue a clear traffic command on the PIX prior to collecting these statistics Submit this information to the Cisco TAC by opening a TAC case PIX Crash A PIX crash refers to a situation where the system has detected an unrecoverable error and has restarted itself When the PIX reboots it returns to a normal state A normal state means that the PIX is functional passing traffic and that you are able to gain access to the PIX You can confirm whether a PIX rebooted by issuing the show version command and looking for the uptime To check why the PIX rebooted attach a PC to the console of the PIX Firewall This enables capturing of the log messages typically called tracebacks the next time the PIX reboots An example traceback is shown below Traceback 8010278c 80094107 8009beb6 800a5389 800a95fb 8008f9c4 8000279b 7 00000000 lt output deleted for brevity gt NOP WNEF CO Customers can look for any known bugs for the specific PIX software release you are running using the Bug Toolkit registered customers only Compare the traceback with that of the bug to see if they are same If a fix is available upgrade the PIX to the software release in which the fix is present If a bug fix is n
8. o partner or reseller to request a replacement for the hardware component that is causing the issue If you have a support contract directly with Cisco use the Cisco com Case Open Tool to open a TAC case and request a hardware replacement Make sure you attach the following information e Console captures showing the complete error messages or tracebacks e Console captures showing the troubleshooting steps taken and the boot sequence during each step e The hardware component that failed and the serial number for the chassis e Troubleshooting logs e Output from the show tech command If you have been unable to identify your hardware issue in this document please refer to PIX 500 Series Firewalls Field Notices to look at additional known hardware problems Related Information e PIX Support Page e Documentation for PIX Firewall e PIX Command Reference Requests for Comments RFCs All contents are Copyright 1992 2003 Cisco Systems Inc All rights reserved Important Notices and Privacy Statement Updated Jan 07 2003 Document ID 21501 Cisco PIX Hardware Troubleshooting
9. ot available or if you don t find anything related in the Bug Toolkit open a TAC case with the information you gathered in the above section Please capture the complete traceback before opening the case PIX Crash and Boot Loop When a PIX experiences a continuous boot loop you cannot gain access to the PIX and error messages will scroll until the unit is powered off A continuous loop may be due to a hardware issue The Example System Messages section below shows an example of a good boot and two examples of a bad boot due to hardware problems Customers can look for any known bugs for the specific PIX software release you are running using the Bug Toolkit registered customers only Compare the traceback with that of the bug to see if they are same If a fix is available upgrade the PIX to the software release in which the fix is present If a bug fix is not available or if you don t find anything related in the Bug Toolkit open a TAC case with the information you gathered in the above section Please capture the complete traceback before opening the case Cisco PIX Hardware Troubleshooting Example System Messages Normal PIX Operation The following is sample output from a PIX 515 booting under normal operation PhoenixPICOBIOS 4 0 Release 6 0 Copyright 1985 1998 Phoenix Technologies Ltd All Rights Reserved Build Time 04 27 99 17 08 34 Polaris BIOS Version 0 09 CPU Pentium with MMX 200 MHz 640K System RAM Passed 3
10. ution This message can be seen if a 33 MHz Gigabet Ethernet card is used in a 66 MHz bus slot It will not appear on a PIX 535 unit as shipped from Cisco but can appear if the slower card has been moved from a 33 MHz bus slot on the left to one of the four 66 MHz bus slots on the right For performance reasons only 66 MHz cards should be used in these 66MHz bus slots Only One NIC Used An internal error occurred Specifically a programming assertion was violated Copy th rror messag xactly as it appears and get the output of the show version command and the contents of the configuration file Then call your technical support representative assertion PifCount gt 2 amp PifCount lt MAX_PIFS failed file pixmain c line 219 An internal error occurred Specifically a programming assertion was violated Copy th rror messag xactly as it appears and get the output of the show version command and the contents of the configuration Cisco PIX Hardware Troubleshooting file Then call your technical support representative Assertion unsigned ifc lt PifCount failed file pixmain c line 547 Panic pix intfl Cannot open interface card 1 en_3com 1 0x807c14c8 0x00000000 0x807c14c4 0x00000001 Ox807c14c0 O0x80069elc 0x807cl4bc 0x00000000 lt output deleted for brevity gt Solution Use a minimum of two interfaces Summary If you have identified a component that needs to be replaced contact your Cisc
Download Pdf Manuals
Related Search