Cisco ASA 5580 Adaptive Security Appliance Hardware Maintenance Guide

Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706 USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883

Text Part Number: OL-12920-01

THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.

THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.

The following information is for FCC compliance of Class A devices: This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to part 15 of the FCC rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment. This equipment generates, uses, and can radiate radio-frequency energy and, if not installed and used in accordance with the instruction manual, may cause harmful interference to radio communications. Operation of this equipment in a residential area is likely to cause harmful interference, in which case users will be required to correct the interference at their own expense.

The following information is for FCC compliance of Class B devices: The equipment described in this manual generates and may radiate radio-frequency energy. If it is not installed in accordance with Cisco’s installation instructions, it may cause interference with radio and television reception.
This equipment has been tested and found to comply with the limits for a Class B digital device in accordance with the specifications in part 15 of the FCC rules. These specifications are designed to provide reasonable protection against such interference in a residential installation. However, there is no guarantee that interference will not occur in a particular installation.

Modifying the equipment without Cisco’s written authorization may result in the equipment no longer complying with FCC requirements for Class A or Class B digital devices. In that event, your right to use the equipment may be limited by FCC regulations, and you may be required to correct any interference to radio or television communications at your own expense.

You can determine whether your equipment is causing interference by turning it off. If the interference stops, it was probably caused by the Cisco equipment or one of its peripheral devices. If the equipment causes interference to radio or television reception, try to correct the interference by using one or more of the following measures:
• Turn the television or radio antenna until the interference stops.
• Move the equipment to one side or the other of the television or radio.
• Move the equipment farther away from the television or radio.
• Plug the equipment into an outlet that is on a different circuit from the television or radio. (That is, make certain the equipment and the television or radio are on circuits controlled by different circuit breakers or fuses.)

Modifications to this product not authorized by Cisco Systems, Inc. could void the FCC approval and negate your authority to operate the product.

The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB’s public domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.
NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS” WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE. IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. CCDE, CCENT, Cisco Eos, Cisco Lumin, Cisco StadiumVision, the Cisco logo, DCE, and Welcome to the Human Network are trademarks; Changing the Way We Work, Live, Play, and Learn is a service mark; and Access Registrar, Aironet, AsyncOS, Bringing the Meeting To You, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, CCSP, CCVP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Collaboration Without Limitation, EtherFast, EtherSwitch, Event Center, Fast Step, Follow Me Browsing, FormShare, GigaDrive, HomeLink, Internet Quotient, IOS, iPhone, iQ Expertise, the iQ logo, iQ Net Readiness Scorecard, iQuick Study, IronPort, the IronPort logo, LightStream, Linksys, MediaTone, MeetingPlace, MGX, Networkers, Networking Academy, Network Registrar, PCNow, PIX, PowerPanels, ProConnect, ScriptShare, SenderBase, SMARTnet, Spectrum Expert, StackWise, The Fastest Way to Increase Your Internet Quotient, TransPath, WebEx, and the WebEx logo are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries. All other trademarks mentioned in this document or Website are the property of their respective owners. 
The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0804R)

Cisco ASA 5580 Adaptive Security Appliance Hardware Maintenance Guide
©2008 Cisco Systems, Inc. All rights reserved.

CONTENTS

About This Guide
  Document Objectives
  Audience
  Document Organization
  Installation Warnings
  Where to Find Safety and Warning Information
  Obtaining Documentation and Submitting a Service Request

CHAPTER 1 Preparing for Installation
  Overview
  Installation Overview
  Safety Recommendations
  Maintaining Safety with Electricity
  Preventing Electrostatic Discharge Damage
  General Site Requirements
  Site Environment
  Preventive Site Configuration
  Power Supply Considerations
  Configuring Equipment Racks

CHAPTER 2 ASA 5580
  Introduction
  Supported Interface Cards
  Ports and LEDs
  Front Panel LEDs
  Rear Panel LEDs and Ports
  Internal Components
  Diagnostic Panel
  Specifications
  Working in an ESD Environment

CHAPTER 3 Maintenance and Upgrade Procedures
  Removing and Replacing the Chassis Cover
  Removing the Chassis Cover
  Replacing the Chassis Cover
  Accessing the Diagnostic Panel
  Removing and Installing the Interface Cards
  Removing the Interface Cards
  Installing an Interface Cards
  Removing and Installing the Power Supply
  Removing the Power Supply
  Installing the Power Supply
  Removing and Installing Fans
  Removing the Fan
  Installing the Fan
  Upgrading the ASA 5580-20 to an ASA 5580-40
  Accessing the Processor Memory Module
  Installing a Processor
  Troubleshooting Loose Connections

APPENDIX A Cable Pinouts
  10/100/1000BaseT Connectors
  Console Port (RJ-45)
  RJ-45 to DB-9
  MGMT 10/100/1000 Ethernet Port
  Gigabit and Fibre Channel Ports

INDEX

About This Guide

This preface includes the following sections:
• Document Objectives
• Audience
• Document Organization
• Installation Warnings
• Obtaining Documentation and Submitting a Service Request

Document Objectives

This guide describes how to perform maintenance procedures on the Cisco ASA 5580 adaptive security appliance.

Audience

This guide is for network administrators who install firewalls.

Document Organization

This guide includes the following chapters and appendices:
• Chapter 1, “Preparing for Installation,” describes the installation overview, safety recommendations, and general site requirements.
• Chapter 2, “ASA 5580,” introduces the adaptive security appliance.
• Chapter 3, “Maintenance and Upgrade Procedures,” describes the adaptive security appliance maintenance and upgrade procedures.
• Appendix A, “Cable Pinouts,” describes the cable pinouts.

Installation Warnings

Be sure to read the Regulatory Compliance and Safety Information for the Cisco ASA 5580 document that accompanied this device before installing the chassis. This document contains important safety information.
This section includes the following warnings:
• AC Power Disconnection Warning
• Jewelry Removal Warning
• Wrist Strap Warning
• Work During Lightning Activity Warning
• Installation Instructions Warning
• Chassis Warning for Rack-Mounting and Servicing
• Short-Circuit Protection Warning
• SELV Circuit Warning
• Ground Conductor Warning
• Blank Faceplates and Cover Panels Warning
• Product Disposal Warning
• Short-Circuit Protection Warning
• Compliance with Local and National Electrical Codes Warning
• TN Power Warning
• Multiple Power Cord
• Circuit Breaker (15A) Warning
• Grounded Equipment Warning
• Safety Cover Requirement
• Faceplates and Cover Panel Requirement

AC Power Disconnection Warning

Warning: Before working on a chassis or working near power supplies, unplug the power cord on AC units. Statement 246

Jewelry Removal Warning

Warning: Before working on equipment that is connected to power lines, remove jewelry (including rings, necklaces, and watches). Metal objects will heat up when connected to power and ground and can cause serious burns or weld the metal object to the terminals. Statement 43

Wrist Strap Warning

Warning: During this procedure, wear grounding wrist straps to avoid ESD damage to the card. Do not directly touch the backplane with your hand or any metal tool, or you could shock yourself. Statement 94

Work During Lightning Activity Warning

Warning: Do not work on the system or connect or disconnect cables during periods of lightning activity. Statement 1001

Installation Instructions Warning

Warning: Read the installation instructions before connecting the system to the power source.
Statement 1004

Chassis Warning for Rack-Mounting and Servicing

Warning: To prevent bodily injury when mounting or servicing this unit in a rack, you must take special precautions to ensure that the system remains stable. The following guidelines are provided to ensure your safety:
• This unit should be mounted at the bottom of the rack if it is the only unit in the rack.
• When mounting this unit in a partially filled rack, load the rack from the bottom to the top with the heaviest component at the bottom of the rack.
• If the rack is provided with stabilizing devices, install the stabilizers before mounting or servicing the unit in the rack.
Statement 1006

Short-Circuit Protection Warning

Warning: This product requires short-circuit (overcurrent) protection, to be provided as part of the building installation. Install only in accordance with national and local wiring regulations. Statement 1045

SELV Circuit Warning

Warning: To avoid electric shock, do not connect safety extra-low voltage (SELV) circuits to telephone-network voltage (TNV) circuits. LAN ports contain SELV circuits, and WAN ports contain TNV circuits. Some LAN and WAN ports both use RJ-45 connectors. Use caution when connecting cables. Statement 1021

Ground Conductor Warning

Warning: This equipment must be grounded. Never defeat the ground conductor or operate the equipment in the absence of a suitably installed ground conductor. Contact the appropriate electrical inspection authority or an electrician if you are uncertain that suitable grounding is available. Statement 1024

Blank Faceplates and Cover Panels Warning

Warning: Blank faceplates and cover panels serve three important functions: they prevent exposure to hazardous voltages and currents inside the chassis; they contain electromagnetic interference (EMI) that might disrupt other equipment; and they direct the flow of cooling air through the chassis.
Do not operate the system unless all cards, faceplates, front covers, and rear covers are in place. Statement 1029

Product Disposal Warning

Warning: Ultimate disposal of this product should be handled according to all national laws and regulations. Statement 1040

Short-Circuit Protection Warning

Warning: This product requires short-circuit (overcurrent) protection, to be provided as part of the building installation. Install only in accordance with national and local wiring regulations. Statement 1045

Compliance with Local and National Electrical Codes Warning

Warning: Installation of the equipment must comply with local and national electrical codes. Statement 1074

TN Power Warning

Warning: The device is designed to work with TN power systems. Statement 19

Multiple Power Cord

Warning: This unit has more than one power cord. To reduce the risk of electric shock when servicing a unit, disconnect the power cord of the power strip that the unit is plugged into. Statement 137

Circuit Breaker (15A) Warning

Warning: This product relies on the building’s installation for short-circuit (overcurrent) protection. Ensure that a fuse or circuit breaker no larger than 120 VAC, 15A U.S. (240 VAC, 10A international) is used on the phase conductors (all current-carrying conductors). Statement 13

Grounded Equipment Warning

Warning: This equipment is intended to be grounded. Ensure that the host is connected to earth ground during normal use. Statement 39

Safety Cover Requirement

Warning: The safety cover is an integral part of the product. Do not operate the unit without the safety cover installed. Operating the unit without the cover in place will invalidate the safety approvals and pose a risk of fire and electrical hazards.
Statement 117

Faceplates and Cover Panel Requirement

Warning: Blank faceplates and cover panels serve three important functions: they prevent exposure to hazardous voltages and currents inside the chassis; they contain electromagnetic interference (EMI) that might disrupt other equipment; and they direct the flow of cooling air through the chassis. Do not operate the system unless all cards, faceplates, front covers, and rear covers are in place. Statement 142

Where to Find Safety and Warning Information

For safety and warning information, see the Regulatory Compliance and Safety Information for the Cisco ASA 5580 document that accompanied the product. This document describes the international agency compliance and safety information for the adaptive security appliance. It also includes translations of the safety warnings.

Obtaining Documentation and Submitting a Service Request

For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What’s New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:

http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html

Subscribe to the What’s New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service and Cisco currently supports RSS version 2.0.

CHAPTER 1 Preparing for Installation

The information in this guide applies to the Cisco ASA 5580 adaptive security appliance. In this guide, references to “adaptive security appliance” and “ASA 5580” apply to the Cisco ASA 5580 adaptive security appliance.
This chapter describes the steps to follow before installing new hardware or performing hardware upgrades, and includes the following sections:
• Overview
• Installation Overview
• Safety Recommendations
• General Site Requirements

Overview

The adaptive security appliance delivers unprecedented levels of defense against threats to the network with deeper web inspection and flow-specific analysis, improved secure connectivity via end-point security posture validation, and voice and video over VPN support. It also provides enhanced support for intelligent information networks through improved network integration, resiliency, and scalability.

The adaptive security appliance software combines firewall, VPN concentrator, and intrusion prevention software functionality into one software image. Previously, these functions were available in three separate devices, each with its own software and hardware. Combining the functionality into just one software image provides significant improvements in the available features.

Additionally, the adaptive security appliance software supports Adaptive Security Device Manager (ASDM). ASDM is a browser-based Java applet used to configure and monitor the software on the adaptive security appliances. ASDM is loaded from the adaptive security appliance, then used to configure, monitor, and manage the device.

Installation Overview

To prepare for the installation of the chassis, perform the following steps:

Step 1 Review the safety precautions outlined in the Regulatory Compliance and Safety Information for the Cisco ASA 5580 document.
Step 2 Read the release notes for the respective software version.
Step 3 Unpack the chassis.
An accessory kit ships with the chassis and includes the following items: documentation, a product CD, a power cord (AC models only), two RJ-45 Ethernet cables, one RJ-45 to DB-9 console cable, a rack-mounting kit, and four self-adhesive feet (for desktop mounting).
Step 4 Place the chassis on a stable work surface.

Safety Recommendations

Use the following guidelines and the information in the following sections to help ensure your safety and protect the adaptive security appliance. The list of guidelines may not address all potentially hazardous situations in your working environment, so be alert and exercise good judgement at all times.

Note: If you need to remove the chassis cover to install a hardware component, such as additional memory or an interface card, doing so does not affect your Cisco warranty. Upgrading the adaptive security appliance does not require any special tools and does not create any radio frequency leaks.

The safety guidelines are as follows:
• Keep the chassis area clear and dust-free before, during and after installation.
• Keep tools away from walk areas where you and others could fall over them.
• Do not wear loose clothing or jewelry, such as earrings, bracelets, or chains, that could get caught in the chassis.
• Wear safety glasses if you are working under any conditions that might be hazardous to your eyes.
• Do not perform any action that creates a potential hazard to people or makes the equipment unsafe.
• Never attempt to lift an object that is too heavy for one person to handle.

This section includes the following topics:
• Maintaining Safety with Electricity
• Preventing Electrostatic Discharge Damage

Maintaining Safety with Electricity

Warning: Before working on a chassis or working near power supplies, unplug the power cord on AC units.
Statement 246

Follow these guidelines when working on equipment powered by electricity:
• Before beginning procedures that require access to the interior of the chassis, locate the emergency power-off switch for the room in which you are working. Then, if an electrical accident occurs, you can act quickly to turn off the power.
• Do not work alone if potentially hazardous conditions exist anywhere in your work space.
• Never assume that power is disconnected from a circuit; always check the circuit.
• Look carefully for possible hazards in your work area, such as moist floors, ungrounded power extension cables, frayed power cords, and missing safety grounds.
• If an electrical accident occurs, proceed as follows:
  – Use caution; do not become a victim yourself.
  – Disconnect power from the system.
  – If possible, send another person to get medical aid. Otherwise, assess the condition of the victim and then call for help.
  – Determine if the person needs rescue breathing or external cardiac compressions; then take appropriate action.
• Use the adaptive security appliance chassis within its marked electrical ratings and product usage instructions.
• Install the adaptive security appliance in compliance with local and national electrical codes as listed in the Regulatory Compliance and Safety Information for the Cisco ASA 5580 document.
• Adaptive security appliance models equipped with AC-input power supplies are shipped with a 3-wire electrical cord with a grounding-type plug that fits only a grounding-type power outlet. Do not circumvent this safety feature. Equipment grounding should comply with local and national electrical codes.

Preventing Electrostatic Discharge Damage

Electrostatic discharge (ESD) can damage equipment and impair electrical circuitry.
ESD damage occurs when electronic components are improperly handled and can result in complete or intermittent failures.
• Always follow ESD-prevention procedures when removing and replacing components. Ensure that the chassis is electrically connected to earth ground. Wear an ESD-preventive wrist strap, ensuring that it makes good skin contact. Connect the grounding clip to an unpainted surface of the chassis frame to safely ground ESD voltages. To properly guard against ESD damage and shocks, the wrist strap and cord must operate effectively. If no wrist strap is available, ground yourself by touching the metal part of the chassis.
• For safety, periodically check the resistance value of the antistatic strap, which should be between 1 and 10 megohms (Mohms).

General Site Requirements

The topics in this section describe the requirements your site must meet for safe installation and operation of your system. Ensure that your site is properly prepared before beginning installation.

This section includes the following topics:
• Site Environment
• Preventive Site Configuration
• Power Supply Considerations
• Configuring Equipment Racks

Site Environment

Place the chassis on a desktop or mount it on a rack. The location of the chassis and the layout of the equipment rack or wiring room are extremely important for proper system operation. Equipment placed too close together, inadequate ventilation, and inaccessible panels can cause system malfunctions and shutdowns, and can make the chassis maintenance difficult.

When planning the site layout and equipment locations, keep in mind the precautions described in the next section, “Preventive Site Configuration,” to help avoid equipment failures and reduce the possibility of environmentally caused shutdowns.
If you are currently experiencing shutdowns or unusually high error rates with your existing equipment, these precautions may help you isolate the cause of failures and prevent future problems.

Preventive Site Configuration

The following precautions will help plan an acceptable operating environment for the chassis and avoid environmentally caused equipment failures:
• Electrical equipment generates heat. Ambient air temperature might not be adequate to cool equipment to acceptable operating temperatures without adequate circulation. Ensure that the room in which you operate your system has adequate air circulation.
• Always follow the ESD-prevention procedures described previously to avoid damage to equipment. Damage from static discharge can cause immediate or intermittent equipment failure.
• Ensure that the chassis top panel is secure. The chassis is designed to allow cooling air to flow effectively within it. An open chassis allows air leaks, which may interrupt and redirect the flow of cooling air from the internal components.

Power Supply Considerations

The adaptive security appliance can have an AC power supply. Observe the following considerations:
• Check the power at the site before installing the chassis to ensure that the power is “clean” (free of spikes and noise). Install a power conditioner if necessary, to ensure proper voltages and power levels in the source voltage.
• Install proper grounding for the site to avoid damage from lightning and power surges.
• In a chassis equipped with an AC-input power supply, use the following guidelines:
  – The chassis does not have a user-selectable operating range. Refer to the label on the chassis for the correct AC-input power requirement.
  – Several styles of AC-input power supply cords are available; make sure you have the correct style for your site.
  – Install an uninterruptible power source for your site, if possible.
  – Install proper site grounding facilities to guard against damage from lightning or power surges.

Configuring Equipment Racks

The following tips help you plan an acceptable equipment rack configuration:
• Enclosed racks must have adequate ventilation. Ensure that the rack is not overly congested, because each chassis generates heat. An enclosed rack should have louvered sides and a fan to provide cooling air.
• When mounting a chassis in an open rack, ensure that the rack frame does not block the intake or exhaust ports. If the chassis is installed on slides, check the position of the chassis when it is seated all the way into the rack.
• In an enclosed rack with a ventilation fan in the top, excessive heat generated by equipment near the bottom of the rack can be drawn upward and into the intake ports of the equipment above it in the rack. Ensure that you provide adequate ventilation for equipment at the bottom of the rack.
• Baffles can help to isolate exhaust air from intake air, which also helps to draw cooling air through the chassis. The best placement of the baffles depends on the airflow patterns in the rack. Experiment with different arrangements to position the baffles effectively.

CHAPTER 2 ASA 5580

This chapter introduces the ASA 5580 adaptive security appliance.
This chapter includes the following sections:
• Introduction
• Supported Interface Cards
• Ports and LEDs
• Internal Components
• Diagnostic Panel
• Specifications
• Working in an ESD Environment

Introduction

The Cisco ASA 5580 series adaptive security appliance comes in two models: the ASA 5580-20 and the ASA 5580-40. In addition to world-class performance, the adaptive security appliances also introduce new features and capabilities in the areas of scalable logging, system environmental monitoring, VPN Remote Access user limits, 10 Gigabit Ethernet interfaces, and more.

The ASA 5580-20 delivers 5 Gigabits per second of TCP traffic, and UDP performance is even greater. Many features in the system are made multi-core capable to achieve this high throughput. In addition, the system delivers greater than 60,000 TCP connections per second and supports up to 1 million connections.

The ASA 5580-40 delivers 10 Gigabits per second of TCP traffic and, similar to the ASA 5580-20, the UDP performance will be even greater. The ASA 5580-40 delivers greater than 120,000 TCP connections per second and up to 2 million connections in total.

The ASA 5580-20 and the ASA 5580-40 support 50 security contexts and up to 100 VLAN interfaces (250 VLAN interfaces will be supported in a future release) and 1 Gigabit of IPSec VPN 3DES performance. They support up to 24 Gigabit data ports or up to 12 Ten Gigabit data ports as well as two additional Gigabit ports for management. Optional redundant, hot-swappable power capabilities are available as well as hot-swappable cooling fans in case of a fan failure.

NetFlow version 9 will be used to export information about the progression of a flow from start to finish. The NetFlow implementation will export records indicating significant events in the life of a flow. This is different from traditional NetFlow, which exports data about flows at regular intervals.
The NetFlow module will also export records about the flows that are denied by Access Lists. You can configure an ASA 5580 to send the following events using NetFlow:
• Flow Creation
• Flow Teardown
• Flow Denied - Only flows denied by ACL will be reported in the first release.

Additionally, the adaptive security appliance software supports Cisco Adaptive Security Device Manager (ASDM). ASDM delivers world-class security management and monitoring through an intuitive, easy-to-use web-based management interface. Bundled with the adaptive security appliance, ASDM accelerates adaptive security appliance deployment with intelligent wizards, robust administration tools, and versatile monitoring services that complement the advanced integrated security and networking features offered by the market-leading suite of the adaptive security appliance. Its secure, web-based design enables anytime, anywhere access to adaptive security appliances.

The system includes environmental monitoring which tracks the operational status of the fans and power supplies. In addition, it tracks the temperatures of the CPUs and the ambient temperature of the system. ASDM provides you with a quick view into these items on the Device Dashboard and the new show environment command has been introduced to provide the information as well.

The ASA 5580 will also support up to 1000 SSL VPN peers, and up to 10,000 total VPN peers. This release also introduces support for 10 Gigabit Ethernet interfaces and support for jumbo frames up to 9216.

In addition to the above, enhancements have been made to many existing commands to provide greater visibility to the operations of the high performance ASA 5580. You will find changes in the following commands: show version, show activation-key, show interface, show tech, show asp, and more.
Supported Interface Cards

The adaptive security appliance supports the following interface cards:
• 4-Port Gigabit Ethernet Copper PCI Express card
  Provides four 10/100/1000BASE-T interfaces, which allow up to 24 total Gigabit Ethernet interfaces in a fully populated chassis. Figure 2-1 shows the Gigabit Ethernet interface card.

  Figure 2-1 4-Port Gigabit Ethernet Copper PCI Express Card

• 2-Port 10-Gigabit Ethernet Fiber PCI Express card
  Provides two 10000BASE-SX (fiber) interfaces (allowing up to 12 total 10-Gigabit Ethernet fiber interfaces in a fully populated chassis). The card ports require a multi-mode fiber cable with an LC connector to connect to the SX interface of the chassis. Figure 2-2 shows the 2-Port 10-Gigabit Ethernet Fiber PCI Express card.

  Figure 2-2 2-Port 10-Gigabit Ethernet Fiber PCI Express card

• 4-Port Gigabit Ethernet Fiber PCI Express card
  Provides four 10000BASE-SX (fiber) interfaces (allowing up to 24 total Gigabit Ethernet fiber interfaces in a fully populated chassis). The card ports require a multi-mode fiber cable with an LC connector to connect to the SX interface of the chassis.

Ports and LEDs

This section describes the front and rear panels. This section includes the following topics:
• Front Panel LEDs
• Rear Panel LEDs and Ports

Front Panel LEDs

Figure 2-3 shows the LEDs on the front panel of the adaptive security appliance.

Figure 2-3 Front View
1 Active LED
2 System LED
3 Power Status LED
4 Management 0/0 LED
5 Management 0/1 LED
6 Power

Table 2-1 describes the front panel switches and indicators on the adaptive security appliance.
Table 2-1 Front Panel Switches and Indicators

Indicator: Active
Description: Toggles between Active and Standby Failover status of the chassis:
• On—Failover active
• Off—Standby

Indicator: System indicator (Status)
Description: Indicates internal system health:
• Green—System on
• Flashing amber—System health degraded
• Flashing red—System health critical
• Off—System off

Indicator: Power status indicator
Description: Indicates the power supply status:
• Green—Power supply on
• Flashing amber—Power supply health degraded
• Flashing red—Power supply health critical
• Off—Power supply off

Indicator: MGMT0/0 indicator
Description: Indicates the status of the management port:
• Green—Linked to network
• Flashing green—Linked with activity on the network
• Off—No network connection

Indicator: MGMT0/1 indicator
Description: Indicates the status of the management port:
• Green—Linked to network
• Flashing green—Linked with activity on the network
• Off—No network connection

Indicator: Power switch and indicator
Description: Turns power on and off:
• Amber—System has AC power and is in standby mode
• Green—System has AC power and is turned on
• Off—System has no AC power

For more information on the Management Port, see the management-only command in the Cisco ASA 5580 Adaptive Security Appliance Command Reference.

Rear Panel LEDs and Ports

Figure 2-4 shows the rear panel LEDs and ports.
Figure 2-4 Back Panel Features
1 Power supply
2 Interface expansion slots
3 Power supply
4 T-15 Torx screwdriver
5 USB ports
6 Reserved slot
7 Example of a populated slot
8 Reserved slot
9 Console port
10 Management ports

Figure 2-5 shows the activity indicators on the Ethernet ports, which have two indicators per port, and the power supply indicators.

Figure 2-5 Rear Panel LEDs
1 Power indicator
2 Link indicator
3 Activity indicator

Table 2-2 describes the Ethernet port indicators. The behavior of the port indicators varies based on the type of port—management port, port in a Gigabit Ethernet interface card, port in a 10-Gigabit Ethernet Fiber interface card, or a port in a Gigabit Ethernet Fiber interface card.

Table 2-2 Ethernet Port Indicators

Indicator: Gigabit Ethernet
Description:
• Green (top): link to network
• Flashing Green (top): linked with activity on the network
• Amber (bottom): Speed 1000
• Green (bottom): Speed 100
• Off (bottom): Speed 10

Indicator: 10-Gigabit Ethernet Fiber (one LED)
Description:
• Green: link to network
• Flashing green: linked with activity on the network

Indicator: Management port
Description:
• Green (right): link to network
• Flashing green (left): linked with activity on the network

Table 2-3 describes the power supply indicators.
Table 2-3 Power Supply Indicators

Fail Indicator 1 Amber | Power Indicator 2 Green | Description
Off | Off | No AC power to any power supply
Flashing | Off | Power supply failure (over current)
On | Off | No AC power to this power supply
Off | Flashing | AC power present; Standby mode
Off | On | Normal

Internal Components

Figure 2-6 shows the internal components of the adaptive security appliance.

Figure 2-6 Internal Components
1, 3 Power supply
2 Interface expansion slots
4, 5, 7 Fans
6 Diagnostic panel

Diagnostic Panel

The front panel LEDs indicate hardware status at a high level. The Diagnostic Panel indicators identify individual components experiencing an error, event, or failure. All indicators are off unless one of the components fails.

Note: When you remove the chassis cover to view the Diagnostic Panel, leave the adaptive security appliance powered on. Powering off the adaptive security appliance clears the Diagnostic Panel indicators.

Figure 2-7 shows the Diagnostic Panel. For the location of the Diagnostic Panel in the adaptive security appliance chassis, see the “Internal Components” section. For information on how to access the Diagnostic Panel, see the “Accessing the Diagnostic Panel” section.
Figure 2-7 Diagnostic Panel

Table 2-4 lists the indicators that display health status for each component:

Table 2-4 Diagnostic Panel Indicators

Indicator | Component
PS1 | Power supply (primary)
PS2 | Power supply (optional)
CPU BD (power fault) | Processor memory module board
I/O BD | System board
NMI | System NMI switch
CPU BD (interlock error) | System board
PPM X | Processor power module
1A-32D | DIMM Slot
PROC X | Processor
FAN X | Fan

Specifications

Table 2-5 lists the specifications for the adaptive security appliance.

Table 2-5 Adaptive Security Appliance Specifications

Dimensions and Weight
Height | 6.94 in. (17.6 cm)
Width | 19.0 in. (46.3 cm)
Depth | 26.5 in. (67.3 cm)
Weight | 105 lb (47.6 kg) [1]
Form factor | 4 RU, standard 19-inch rack-mountable

Power
Rated input voltage | 100 to 127 VAC; 200 to 240 VAC
Rated input frequency | 50 to 60 Hz
Rated input power | 1161W @ 100 VAC; 1598W @ 200 VAC
Rated input current | 12A (100 VAC); 8A (200 VAC)
Maximum heat dissipation | 3960 BTU/hr (100 VAC); 5450 BTU/hr (200 VAC)
Power supply output | 910 W (low line); 1300 W (high line)

Environment
Temperature, operating | 50 to 95°F (10 to 35°C) [2]
Temperature, nonoperating | -40°F to 158°F (-40°C to 70°C)
Maximum wet bulb temperature | 82.4°F (28°C)
Relative humidity (noncondensing), operating | 10% to 90%
Relative humidity (noncondensing), nonoperating | 5% to 95%
Altitude, operating | 0 to 6500 ft (2000 m)
Altitude, nonoperating | 0 to 30,000 ft (9144 m)
Shock, operating | Half-sine 2 G, 11 ms pulse, 100 pulses
Shock, nonoperating | 25 G, 170 inches/sec delta V
Vibration | 2.2 Grms, 10 minutes per axis on all three axes

1. With full card installation and two power supplies.
2. At sea level with an altitude derating of 1.8 °F per every 1000 ft (1.0° C per every 3.0m) above sea level to a maximum of 10,000 ft (3050 m). No direct sustained sunlight.
Working in an ESD Environment

Electrostatic discharge (ESD) can damage equipment and impair electrical circuitry. ESD damage occurs when electronic components are improperly handled and can result in complete or intermittent failures. Always follow ESD-prevention procedures when you remove and replace components. Ensure that the chassis is electrically connected to earth ground. Wear an ESD-preventive wrist strap, ensuring that it makes good skin contact. Connect the grounding clip to an unpainted surface of the chassis frame to safely ground unwanted ESD voltages. To guard against ESD damage and shocks, the wrist strap and cord must operate properly. If no wrist strap is available, ground yourself by touching the metal part of the chassis.

CHAPTER 3
Maintenance and Upgrade Procedures

This chapter describes maintenance and upgrade procedures. This chapter includes the following sections:

• Removing and Replacing the Chassis Cover
• Accessing the Diagnostic Panel
• Removing and Installing the Interface Cards
• Removing and Installing the Power Supply
• Removing and Installing Fans
• Upgrading the ASA 5580-20 to an ASA 5580-40
• Troubleshooting Loose Connections

Caution: The BIOS on the ASA 5580 adaptive security appliance chassis is specific to the ASA 5580 adaptive security appliance and must only be upgraded under instructions from Cisco with BIOS files obtained from the Cisco website. Installing a non-Cisco or third-party BIOS on the ASA 5580 adaptive security appliance voids the warranty.

Removing and Replacing the Chassis Cover

This section describes how to remove and replace the chassis cover from the adaptive security appliance.
This section includes the following topics:

• Removing the Chassis Cover
• Replacing the Chassis Cover

Warning: Before working on a system that has an On/Off switch, turn OFF the power and unplug the power cord. Statement 1

Warning: This product relies on the building’s installation for short-circuit (overcurrent) protection. Ensure that the protective device is rated not greater than 120 VAC, 20 A U.S. (240 VAC, 16-20 A International). Statement 1005

Warning: This equipment must be grounded. Never defeat the ground conductor or operate the equipment in the absence of a suitably installed ground conductor. Contact the appropriate electrical inspection authority or an electrician if you are uncertain that suitable grounding is available. Statement 1024

Warning: Blank faceplates and cover panels serve three important functions: they prevent exposure to hazardous voltages and currents inside the chassis; they contain electromagnetic interference (EMI) that might disrupt other equipment; and they direct the flow of cooling air through the chassis. Do not operate the system unless all cards, faceplates, front covers, and rear covers are in place. Statement 1029

Caution: Follow proper safety procedures when removing and replacing the chassis cover by reading the safety warnings in Regulatory Compliance and Safety Information for the Cisco ASA 5580.

Caution: Do not operate the ASA 5580 adaptive security appliance for long periods with the chassis cover open or removed. Operating it in this manner results in improper airflow and improper cooling that can lead to thermal damage.

Removing the Chassis Cover

To remove the chassis cover, perform the following steps:

Note: Removing the chassis cover does not affect Cisco warranty.
Upgrading the adaptive security appliance does not require any special tools and does not create any radio frequency leaks.

Step 1 Read the Regulatory Compliance and Safety Information for the Cisco ASA 5580 document.

Step 2 Extend the adaptive security appliance out of the rack if it is rack-mounted. If the locking latch is locked, use the T-15 Torx screwdriver located on the back of the chassis to unlock it. See Figure 2-4 for the location of the T-15 Torx screwdriver. Turn the locking screw a quarter of a turn counterclockwise to unlock it, see Figure 3-1.

Caution: Do not operate the adaptive security appliance without the chassis cover installed. The chassis cover protects the internal components, prevents electrical shorts, and provides proper air flow for cooling the electronic components.

Step 3 Lift up the cover latch on the top of the chassis, see Figure 3-1.

Figure 3-1 Unlocking and Lifting the Latch

Step 4 Slide the chassis cover back and up to remove it, see Figure 3-2.

Figure 3-2 Sliding the Chassis Cover

Replacing the Chassis Cover

To replace the chassis cover, perform the following steps:

Step 1 Position the cover on top of the chassis and slide it on. Push down on the cover latch to lock it into place.

Note: Make sure the chassis cover is securely locked into place before powering on the adaptive security appliance.

Step 2
Reinstall the adaptive security appliance in a rack, on a desktop, or on a table, or extend it back into the rack.

Accessing the Diagnostic Panel

Note: When you remove the chassis cover to view the Diagnostic Panel, leave the adaptive security appliance powered on. Powering off the adaptive security appliance clears the Diagnostic Panel indicators.

To access the Diagnostic Panel, perform the following steps:

Step 1 Extend the adaptive security appliance from the rack.

Step 2 Remove the chassis cover. For more information, see Removing the Chassis Cover.

Step 3 Locate the Diagnostic Panel (see Figure 2-7). For information on what internal health information each indicator displays, see the “Figure 2-7 Diagnostic Panel” section.

Follow the instructions in this chapter to remove and install failed components. For aid in troubleshooting, use the internal health indicators information when contacting TAC.

Removing and Installing the Interface Cards

The adaptive security appliance has nine expansion card slots. Slots 1 and 2 are PCI-X slots and are reserved for future use. Slots 3 through 9 are PCI Express card slots. All slots are full-height slots. Slot 9 is reserved and is not available for use by network interface cards.

This section includes the following topics:

• Removing the Interface Cards
• Installing the Interface Cards

Caution: To prevent damage to the adaptive security appliance or the expansion cards, power down the adaptive security appliance and remove all AC power cables before removing or installing expansion cards.

Removing the Interface Cards

To remove the interface cards, perform the following steps:

Step 1 Power off the adaptive security appliance.

Step 2 Remove the power cables from the adaptive security appliance.
Step 3 If rack-mounted, extend the adaptive security appliance from the rack.

Step 4 Make sure the adaptive security appliance is in an ESD-controlled environment. For more information, see the “Working in an ESD Environment” section.

Step 5 Remove the chassis cover. For more information, see the “Removing the Chassis Cover” section.

Step 6 To unlock the expansion card slot, push down on the center part of the blue tab and open the latch, see Figure 3-3.

Step 7 To install a card, position the card over the socket, and gently push the card down, see Figure 3-3.

Figure 3-3 Unlocking the Expansion Card Slot and Installing the Card

Installing the Interface Cards

To install the interface cards, perform the following steps:

Step 1 To install a card, position the card so that its connector lines up over the socket on the motherboard and push the card down into the socket. Press down on the outer edge of the blue tab to lock the card into place.

Note: To remove the expansion cards, unlock the retaining clip. To install the expansion cards, lock the retaining clip.

Step 2 Replace the chassis cover. For more information, see Replacing the Chassis Cover.

Step 3 Slide the server back into the rack by pressing the server rail-release handles.

Step 4 Reconnect the power cables to the adaptive security appliance.

Step 5 Power on the adaptive security appliance.

Removing and Installing the Power Supply

The adaptive security appliance ships with two hot-pluggable power supplies, providing a redundant power supply configuration.
You can install or replace either power supply without powering down the adaptive security appliance, as long as one power supply is active and functioning correctly.

Note: Make sure the two power supplies are powered by separate AC power sources so that the adaptive security appliance is always available.

This section describes how to remove and install the power supply in the adaptive security appliance. This section includes the following topics:

• Removing the Power Supply
• Installing the Power Supply

Removing the Power Supply

The power supplies are hot-pluggable. If you are replacing a redundant power supply, you can replace it while the adaptive security appliance is running. If only one power supply is installed, do not remove the power supply unless the adaptive security appliance has been powered off. Removing the only operational power supply causes an immediate power loss.

To remove the power supply, perform the following steps:

Note: The following steps apply only if you have one active functioning power supply.

Step 1 Power off the adaptive security appliance.

Step 2 Remove the power cable from the adaptive security appliance.

Step 3 Use the T-15 Torx screwdriver that shipped with the adaptive security appliance to remove the shipping screw, see Figure 3-4. For the location of the T-15 Torx screwdriver, see Figure 2-4.

Step 4 Press the latch, and pull the power supply handle out, see Figure 3-4.

Figure 3-4 Removing the Screw

Step 5 Remove the power supply by pulling it away from the chassis, see Figure 3-5.
Figure 3-5 Pulling the Power Supply Handle

Installing the Power Supply

To install the power supply in the adaptive security appliance, perform the following steps:

Step 1 Align and push the power supply into place, see Figure 3-6.

Figure 3-6 Pushing the Power Supply

Step 2 Lock the power supply handle, see Figure 3-7.

Figure 3-7 Locking the Power Supply Handle

Step 3 Use the T-15 Torx screwdriver to screw the power supply back into place.

Step 4 Reconnect the power cable. Be sure that the power supply indicator and the front panel health indicators are green.

Step 5 Power on the adaptive security appliance.

Removing and Installing Fans

There are six fans in the adaptive security appliance. For the fan locations, see Figure 2-6. The adaptive security appliance supports redundant hot-pluggable fans in a 5 + 1 configuration to provide proper airflow.

This section describes how to install and remove the fans in the adaptive security appliance.
This section includes the following topics:

• Removing the Fan
• Installing the Fan

Figure 3-8 shows the fan, its connector, and its indicator.

Figure 3-8 Fan, Connector, and Indicator

The fan indicators provide the following information:

• Green—Operating normally
• Amber—Failed
• Off—No power

Removing the Fan

To remove fans in the adaptive security appliance, perform the following steps:

Step 1 Extend the chassis from the rack.

Step 2 Remove the chassis cover. For more information, see Removing the Chassis Cover.

Step 3 Identify the failed fan by locating an amber indicator on top of the failed fan or a lighted FAN X indicator on the Diagnostic Panel. For more information about the Diagnostic Panel, see Figure 2-7.

Step 4 To remove the fan, grasp the red plastic handle and pull the handle up, see Figure 3-9.

Note: Remove and replace one fan at a time.

Figure 3-9 Removing the Fan

Installing the Fan

To install fans in the adaptive security appliance, perform the following steps:

Step 1 To install a new fan, position the fan over the slot so that the connector below the fan indicator lines up with the connection on the motherboard (for the location of the connector, see Figure 3-8).

Step 2 Push down until the fan clicks into place.

Step 3 Check to make sure the indicator on each fan is green.

Note: If the front panel internal system health indicator is not green after you install a fan, reseat the fan.

Step 4 Replace the chassis cover.
Step 5 Slide the adaptive security appliance back into the rack by pressing the rail-release handles.

Upgrading the ASA 5580-20 to an ASA 5580-40

Note: When you purchase the appropriate user upgrade license, you will receive a Product Activation Key (PAK) when the order is fulfilled. Per the enclosed instructions, you should visit http://www.cisco.com/go/license, where you will be prompted to enter your contact information and PAK number along with the serial number of your module. The software on the Content Security Edition module will be enabled for the new user count and/or Plus functionality automatically and transparently the next time it checks for updates.

The adaptive security appliance supports operation in a two or four-processor configuration. The adaptive security appliance supports un functions through the processor installed in processor socket 1. The adaptive security appliance power modules provide proper power to each processor. Each power module must be installed in the slot adjacent to its processor.

Note: Always upgrade the license first before adding new processors. After upgrading the license, you must reboot the chassis. If you fail to reboot or reboot without adding new processors after upgrading your license, the chassis will continue to operate as an ASA 5580-20 adaptive security appliance.

Accessing the Processor Memory Module

The processors and the power modules are stored in a module at the front of the adaptive security appliance. Access to this module is provided through the front panel, eliminating the need to extend the adaptive security appliance from the rack to install or replace the processors.

To remove the processor module, perform the following steps:

Step 1 Power off the adaptive security appliance.

Step 2 Use a grounding strap.
For more information, see the “Working in an ESD Environment” section.

Step 3 Release the latches on the lever, see Figure 3-10.

Step 4 Lower the handle, and pull the module out of the adaptive security appliance until the release latches catch, see Figure 3-10.

Figure 3-10 Releasing the Latch and Lowering the Handle

Step 5 Firmly holding the module, press the release buttons and pull the module out of the adaptive security appliance, see Figure 3-11.

Figure 3-11 Release Button Location
1 Release buttons
2 Module

Step 6 Remove the fans installed in the cover of the module by grasping the red plastic handle and pulling the handle up, see Figure 3-12.

Figure 3-12 Removing the Fan and Releasing the Latch

Step 7 Release the latch, and open the cover, see Figure 3-12.

Installing a Processor

Caution: To avoid damage to the adaptive security appliance and system board, only authorized personnel should attempt to replace or install the processor in this adaptive security appliance.

Caution: To prevent possible malfunction and damage to the equipment, multiple processors installed in the adaptive security appliance must have the same part number.

Caution: Processor and processor power module sockets 1 and 2 must be populated at all times or the adaptive security appliance will not function properly.

Caution: To help avoid damage to the processor and system board, use the processor installation tool to install the new processor.
Caution: Use caution when installing the processor memory module or removing the processor memory module; when fully populated, it can weigh up to 30 pounds.

To install a processor, perform the following steps:

Step 1 Open the heatsink retaining bracket, see Figure 3-13.

Figure 3-13 Opening the Heatsink Bracket

Caution: The pins on the processor socket are very fragile. Any damage to them may require replacing the system board.

Step 2 Remove the processor socket protective cover, see Figure 3-14. Retain the cover for future use.

Figure 3-14 Removing the Processor Socket Protective Cover

Caution: Failure to completely open the processor locking lever prevents the processor from seating during installation, leading to hardware damage.

Step 3 Rotate the latch and open the retaining bracket, see Figure 3-15.

Figure 3-15 Rotating the Latch and Opening the Retaining Bracket

Caution: Be sure the processor remains inside the processor installation tool.

Step 4 If the processor has separated from the installation tool, carefully reinsert the processor in the tool, see Figure 3-16.

Figure 3-16 Reinsert the Processor in the Tool

Step 5 Align the processor installation tool with the socket and install the processor, see Figure 3-17.

Caution: The processor is designed to fit one way into the socket. Use the alignment guides on the processor and socket to properly align the processor with the socket.
Figure 3-17 Aligning and Installing the Processor

Step 6 Press down firmly until the processor installation tool clicks and separates from the processor, and then remove the processor installation tool, see Figure 3-18.

Figure 3-18 The Processor Installation Tool

Step 7 Close the processor retaining bracket and the processor retaining latch, see Figure 3-19.

Figure 3-19 Closing the Processor Retaining Bracket and Retaining Latch

Step 8 Remove the heatsink cover.

Caution: After the cover is removed, do not touch the thermal interface media.

Step 9 Install the heatsink; you must press hard to clamp it down, see Figure 3-20.

Figure 3-20 Installing the Heatsink

Step 10 Close the heatsink retaining bracket, see Figure 3-21.

Figure 3-21 Closing the Heatsink Retaining Bracket

Step 11 Install the processor power module. The processor power module is keyed and the key must be aligned when installed, see Figure 3-22.

Note: Always install a processor power module when you install a processor. The system fails to boot if the corresponding processor power module is missing.
Figure 3-22 Installing the Processor Power Module

Step 12 Install the memory module into the adaptive security appliance. The four memory modules should be installed in slots 17I, 18I, 25M, and 26M, see Figure 3-23.

Note: Memory locations before upgrading are 1A, 2A, 3B, 4B, 9E, 10E, 11F, 12F.

Figure 3-23 DIMM slot identification

Step 13 Close the processor memory module cover, see Figure 3-24.

Figure 3-24 Closing the Module Cover

Step 14 Install the fan by positioning the fan over the slot so that the connector below the fan indicator lines up with the connection on the motherboard. Push down until the fan clicks into place.

Step 15 Power on the adaptive security appliance.

Troubleshooting Loose Connections

Perform the following actions to troubleshoot loose connections on the ASA 5580 adaptive security appliance:

• Make sure all power cords are securely connected.
• Make sure all cables are properly aligned and securely connected for all external and internal components.
• Remove and check all data and power cables for damage. Make sure no cables have bent pins or damaged connectors.
• Make sure each device is properly seated.
• If a device has latches, make sure they are completely closed and locked.
• Check any interlock or interconnect indicators that indicate a component is not connected properly.

If problems continue, remove and reinstall each device, checking the connectors and sockets for bent pins or other damage.
APPENDIX A
Cable Pinouts

This appendix describes pinout information for 10/100/1000BaseT ports, console and the RJ-45 to DB-9 ports, and the Management 10/100/1000 Ethernet port, and includes the following sections:

• 10/100/1000BaseT Connectors
• Console Port (RJ-45)
• RJ-45 to DB-9
• MGMT 10/100/1000 Ethernet Port
• Gigabit and Fibre Channel Ports

10/100/1000BaseT Connectors

The adaptive security appliance supports 10/100/1000BaseT ports. You must use at least a Category 5 cable for 100/1000BaseT operations, but a Category 3 cable can be used for 10BaseT operations.

The 10/100/1000BaseT ports use standard RJ-45 connectors and support MDI and MDI-X connectors. Ethernet ports normally use MDI connectors and Ethernet ports on a hub normally use an MDI-X connector.

Use an Ethernet straight-through cable to connect an MDI to an MDI-X port. Use a cross-over cable to connect an MDI to an MDI port, or an MDI-X to an MDI-X port.

Figure A-1 shows the 10BaseT and the 100BaseTX connector (RJ-45).

Figure A-1 10/100 Port Pinouts

Pin | Label
1 | RD+
2 | RD-
3 | TD+
4 | NC
5 | NC
6 | TD-
7 | NC
8 | NC

Figure A-2 shows the 10BaseT, 100BaseTX, and 1000BASE-T connector (RJ-45).

Figure A-2 10/100/1000 Port Pinouts

Pin | Label
1 | TP0+
2 | TP0-
3 | TP1+
4 | TP2+
5 | TP2-
6 | TP1-
7 | TP3+
8 | TP3-

Console Port (RJ-45)

Cisco products use the following types of RJ-45 cables:

• Straight-through
• Crossover

Note: Cisco does not provide these cables; they are widely available from other sources.

Figure A-3 shows the RJ-45 cable.
Figure A-3 RJ-45 Cable

To identify the RJ-45 cable type, hold the two ends of the cable next to each other so that you can see the colored wires inside the ends, as shown in Figure A-4.

Figure A-4 RJ-45 Cable Identification

Examine the sequence of colored wires to determine the type of RJ-45 cable, as follows:
• Straight-through: The colored wires are in the same sequence at both ends of the cable.
• Crossover: The first (far left) colored wire at one end of the cable is the third colored wire at the other end of the cable.

Table A-1 lists the rolled (console) cable pinouts for RJ-45.

Table A-1 RJ-45 Rolled (Console) Cable Pinouts

Signal   Pin   Pin   Pin
-        1     8     -
-        2     7     -
-        3     6     -
-        4     5     -
-        5     4     -
-        6     3     -
-        7     2     -
-        8     1     -

RJ-45 to DB-9

Table A-2 lists the cable pinouts for RJ-45 to DB-9 or DB-25.

Table A-2 Cable Pinouts for RJ-45 to DB-9 or DB-25

Signal   RJ-45 Pin   DB-9 Pin
RTS      8           8
DTR      7           6
TxD      6           2
GND      5           5
GND      4           5
RxD      3           3
DSR      2           4
CTS      1           7

MGMT 10/100/1000 Ethernet Port

The MGMT 10/100/1000 Ethernet port is an Ethernet port with an RJ-45 connector. You can use a modular, RJ-45, straight-through UTP cable to connect the management port to an external hub, switch, or router. Table A-3 lists the 10/100/1000BASE-T management port cable pinouts (MDI).

Table A-3 10/100/1000BASE-T Management Port Cable Pinouts (MDI)

Signal     Pin
TD+        1
TD-        2
RD+        3
RD-        6
Not used   4
Not used   5
Not used   7
Not used   8

Gigabit and Fibre Channel Ports

Table A-4 lists the types of SFP modules and connectors used in the adaptive security appliance.
Table A-4 Types of SFP Modules and Connectors

Port               Compliance    Connector   Fiber Type
Gigabit Ethernet   1000BASE-SX   SW          MMF
                   1000BASE-LX   LW          SMF

Table A-5 lists the SFP port cabling specifications for the SFP modules and connectors used in the adaptive security appliance.

Table A-5 SFP Port Cabling Specifications

Cisco Product Number   Wavelength (nanometer)   Core Size (micron)   Baud Rate   Cable Distance
GLC-SX-MM=             850                      62.5                 1.0625      300 m
                                                50.0                 1.0625      500 m
GLC-LH-SM=             1300                     9.0                  1.0625      10 km