Cisco ASA 5580 Hardware Installation Guide
ASA 5580
Downloads: This chapterpdf (PDF - 485.0KB) The complete bookPDF (PDF - 4.25MB) | Feedback

Introduction to the ASA 5580

Table Of Contents

Introduction to the ASA 5580

Package Contents

Model Variants

Front and Rear Panel Overview

Front Panel

Rear Panel

Rear Panel Overview

Ethernet Port Activity Indicators

Power Supply Indicators

Internal Components

Diagnostic Panel

Network Interfaces

Built-In Management Interfaces

Expansion Slots and PCI Buses

PCI Adapters

4-Port Gigabit Ethernet Copper PCI Adapter

4-Port Gigabit Ethernet Fiber PCI Adapter

2-Port 10-Gigabit Ethernet Fiber PCI Adapter

I/O Bridges

Interface Numbering

Auto-MDI/MDIX Feature

Specifications


Introduction to the ASA 5580


Read through the entire guide before beginning any of the procedures in this book.


Warning Only trained and qualified personnel should install, replace, or service this equipment. Statement 49

Caution Read the safety warnings in the Regulatory Compliance and Safety Information for the Cisco ASA 5580 and follow proper safety procedures when performing these steps.

This chapter describes the product and the memory requirements and includes the following topics:

Package Contents

Model Variants

Front and Rear Panel Overview

Internal Components

Diagnostic Panel

Network Interfaces

Specifications

Package Contents

1

ASA 5580 Series Chassis

2

RJ-45 to DB-9 Adapter

3

2 Yellow Ethernet Cables

4

Documentationt and Software CD

5

Blue Console Cable PC Terminal Adapter

 

In addition to the contents shown in the figure above, the contents of the ASA 5580 package include the rail system kit. The rail system kit contains the following items:

Two slide assemblies

Two chassis rails

Four Velcro straps

Six zip ties

One cable management arm

A package of miscellaneous parts (screws, and so forth)

One cable management arm stop bracket

Model Variants

The Cisco ASA 5580 comes in two models:

ASA 5580-20—Includes 2 processors.

ASA 5580-40—Includes 4 processors.

The 5580-40 also includes more DRAM by default.

To upgrade from the ASA 5580-20 to the ASA 5580-40, see the "Upgrading the ASA 5580-20 to an ASA 5580-40" section.

Front and Rear Panel Overview

This section describes the front and rear panels and includes the following topics:

Front Panel

Rear Panel

Front Panel

Figure 1-1 shows the front panel.

Figure 1-1 Front Panel

1

Active LED

2

System LED

3

Power Status LED

4

Management 0/0 LED

5

Management 0/1 LED

6

Power


Table 1-1 describes the front panel switches and indicators on ASA 5580.

Table 1-1 Front Panel Switches and Indicators

Indicator
Description

Active1 t

Indicates the Active and Standby Failover status of the chassis:

On—Failover active

Off—Standby Status

System indicator

Indicates internal system health:

Green—System on

Flashing amber—System health degraded

Flashing red—System health critical

Off—System off

Power status indicator

Indicates the power supply status:

Green—Power supply on

Flashing amber—Power supply health degraded

Flashing red—Power supply health critical

Off—Power supply off

MGMT0/0 indicator

Indicates the status of the management port:

Green—Linked to network

Flashing green—Linked with activity on the network

Off—No network connection

MGMT0/1 indicator

Indicates the status of the management port:

Green—Linked to network

Flashing green—Linked with activity on the network

Off—No network connection

Power switch and indicator

Turns power on and off:

Amber—System has AC power and is in standby mode

Green—System has AC power and is turned on

Off—System has no AC power

1 On a standalone device, this button is always on. In Active/Standby pairs, it is on for the active unit and off for the standby unit. In Active/Active pairs, it is on for any unit with an active failover group. Furthermore, when the system software causes the button to light (because it is active or standalone), pushing the button does nothing. It stays lit. When the system software causes the button to be off, pushing the button lights it. Pushing the button again will cause it to turn off again.


Rear Panel

Rear Panel Overview

Ethernet Port Activity Indicators

Power Supply Indicators

Rear Panel Overview

Figure 1-2 shows the rear panel.

Figure 1-2 Rear Panel

1

Power supply

2

Interface expansion slots

3

Power supply

4

T-15 Torx screwdriver

5

USB ports

6

Reserved slot

7

Example of a populated slot

8

Reserved slot

9

Console port

10

Management ports


For more information about the network interfaces, see the "Network Interfaces" section.

Ethernet Port Activity Indicators

Figure 1-3 shows the activity indicators on the Ethernet ports, which has two indicators per port and the power supply indicators.

Figure 1-3 Rear Panel LEDs

1

Power indicator

2

Link indicator

3

Activity indicator

 

Table 1-2 describes the Ethernet port indicators. The behavior of the port indicators varies based on the type of port—management port, port in a Gigabit Ethernet interface card, port in a 10-Gigabit Ethernet Fiber interface card, or a port in a Gigabit Ethernet Fiber interface card.

Table 1-2 Ethernet Port Indicators 

Indicator
Description

Gigabit Ethernet

Green (top): link to network

Flashing Green (top): linked with activity on the network

Amber (bottom): Speed 1000

Green (bottom): Speed 100

Off (bottom): Speed 10

10-Gigabit Ethernet Fiber (one LED)

Green: link to network

Flashing green: linked with activity on the network

Management port

Green (right): link to network

Flashing green (left): linked with activity on the network


Power Supply Indicators

Table 1-3 describes the power supply indicators.

Table 1-3 Power Supply Indicators

Fail Indicator 1
Amber
Power Indicator 2
Green
Description

Off

Off

No AC power to any power supply

Flashing

Off

Power supply failure (over current)

On

Off

No AC power to this power supply

Off

Flashing

AC power present

Standby mode

Off

On

Normal


Internal Components

Figure 1-4 shows the internal components of the ASA 5580.

Figure 1-4 Internal Components

1, 3

Power supply

4, 5, 7

Fans

2

Interface expansion slots

6

Diagnostic panel


Diagnostic Panel

The front panel LEDs indicate hardware status at a high level. The Diagnostic Panel indicators identifies individual components experiencing an error, event, or failure. All indicators are off unless one of the component fails.


Note When you remove the chassis cover to view the Diagnostic Panel, leave ASA 5580 powered on. Powering off the ASA 5580 clears the Diagnostic Panel indicators.


Figure 1-5 shows the Diagnostic Panel. For the location of the Diagnostic Panel in the ASA 5580 chassis, see the "Internal Components" section. For information on how to access the Diagnostic Panel, see the "Accessing the Diagnostic Panel" section.

Figure 1-5 Diagnostic Panel

Table 1-4 lists the indicators that display health status for each component.

Table 1-4 Diagnostic Panel Indicators

Indicator
Component

PS1

Power supply (primary)

PS2

Power supply (optional)

CPU BD (power fault)

Processor memory module board

I/O BD

System board

NMI

System NMI switch

CPU BD (interlock error)

System board

PPM X

Processor power module

1A-32D

DIMM Slot

PROC X

Processor

FAN X

Fan


Network Interfaces

This section describes the network interfaces available for the ASA 5580, and includes performance guidelines. Look for the "Optimizing Performance" headings for important best practices you should follow when planning your installation.

This section includes the following sections:

Built-In Management Interfaces

Expansion Slots and PCI Buses

PCI Adapters

I/O Bridges

Interface Numbering

Auto-MDI/MDIX Feature

Built-In Management Interfaces

The ASA 5580 has two built-in Gigabit Ethernet network interfaces called Management 0/0 and Management 0/1.

Optimizing Performance

The management interfaces are capable of passing through traffic (see the interfaces chapter in the configuration guide). However, the management-only interfaces have not been optimized to pass data traffic and will not perform as well as the interfaces on the adapters.

Expansion Slots and PCI Buses

The ASA 5580 has nine expansion slots:

Slots 3 through 8—For supported PCI Express network interface adapters.

Slots 1, 2, and 9—Reserved. Slot 1 is populated by the crypto accelerator and is not available for use by network interface cards. Slots 2 and 9 are reserved for future use.

The ASA 5580 includes two types of PCI buses:

Normal Capacity (PCI Express x4 non-hot-plug)—Slots 3, 4, and 6.

High Capacity (PCI Express x8 non-hot-plug)—Slots 5, 7, and 8.

You can use the show io-bridge command to see the traffic throughput over each bus. For more information about using the command, see the Cisco ASA 5580 Adaptive Security Appliance Command Reference.

Optimizing Performance

You should use the high-capacity slots for 10-Gigabit Ethernet adapters; other adapters can be placed in any slot.

PCI Adapters

The ASA 5580 supports the following PCI adapters:

4-Port Gigabit Ethernet Copper PCI Adapter

4-Port Gigabit Ethernet Fiber PCI Adapter

2-Port 10-Gigabit Ethernet Fiber PCI Adapter

4-Port Gigabit Ethernet Copper PCI Adapter

Provides four 10/100/1000Base-T interfaces. Figure 1-6 shows the Gigabit Ethernet interface card.

Figure 1-6 4-Port Gigabit Ethernet Copper PCI Card

4-Port Gigabit Ethernet Fiber PCI Adapter

Provides four 1000Base-SX (fiber) interfaces. These interfaces require a multi-mode fiber cable with an LC connector to connect to the SX interface of the sensor.

Optimizing Performance

The Gigabit Ethernet Fiber PCI adapter with SR optics has a distance capability of 300 meters. The adapters are designed to support short distances over deployed multi-mode fiber cabling with a range of between 26 metres (85 ft) and 82 metres (270 ft) depending on cable type.

The adapter also supports 300 metres (980 ft) operation over new, 50 µm 2000 MHz·km OM3 multi-mode fiber (MMF). The transmitter can be implemented with a VCSEL (Vertical Cavity Surface Emitting Laser).

2-Port 10-Gigabit Ethernet Fiber PCI Adapter

Provides two 10000Base-SX (fiber) interfaces. These interfaces require a multi-mode fiber cable with an LC connector to connect to the SX interface of the sensor.

Figure 1-7 shows the 2-Port 10-Gigabit Ethernet Fiber PCI card.

Figure 1-7 2-Port 10-Gigabit Ethernet Fiber PCI Card

Optimizing Performance

A 10-Gigabit Ethernet interface can deliver 10-Gigabit Ethernet full-duplex on one port given the right traffic profile. However, if you use both interfaces on the adapter at 10-Gigabit Ethernet full-duplex, the bus bandwidth limits the combined throughput to under 16 Gbps full-duplex.

Because of the way packets are load-balanced between the TX and RX rings of the 10-Gigabit Ethernet interface (based on the source and destination IP address and port), optimum load-balancing, and therefore throughput, is acheived when you have connections in multiples of 64. For example, if you have very few connections, then the TX and RX rings will not be used evenly, and the throughput will be adversely affected.

I/O Bridges

Each PCI bus connects to one of two I/O bridges:

I/O bridge 1: Slot 3, slot 4, slot 5, and slot 6. Also, Management 0/0 and 0/1.

I/O bridge 2: Slot 7 and slot 8.

Each bridge connects to the 4-CPU array.

Optimizing Performance

To maximize traffic throughput, see the following best practices, in order of importance:

1. Have equal amounts of traffic on both I/O bridges. See the "I/O Bridges" section for more information about which slots are connected to each bridge.

Because of the way the I/O bridges connect to the 4-CPU array, having equal amounts of traffic on the two I/O bridges means less latency when the traffic is distributed to the CPUs.

2. Keep traffic flow within the same I/O bridge.

You should keep traffic contained to a single bridge if possible, rather than have traffic travel between the bridges. Having traffic travel between the bridges incurs higher latency. Traffic between two ports on a single adapter is also advantageous.

The ideal traffic distribution would be that half the traffic stays on slots 7 and 8, while the other half of the traffic stays on slots 3 through 6 (acheiving both best practices above). If you cannot achieve both practices, then you should use best practice 1, equal distribution between the bridges.

For example if you purchase two 10-Gigabit Ethernet adapters, you should put one in high-capacity bus slot 5 on bridge 1, and the other in high-capacity bus slot 7 or 8 on bridge 2. Do not place both in slots 7 and 8 on the same bridge while slots 3 through 6 remain un- or under-populated. (See the "Expansion Slots and PCI Buses" section for more information about bus types.)

Interface Numbering

Interfaces are named interface_type slot/port.

The expansion slot numbers are 1 through 9, and increase from right to left. Slot 0 is used for the built-in Management interfaces. Slots 1, 2, and 9 are reserved.

On a network interface adapter, the interfaces are numbered from 0 through 3 (depending on the number of interfaces on the adapter) from the top to the bottom.

For example, for a Gigabit Ethernet adapter installed in slot 3, the second interface from the top is called:

GigabitEthernet 3/1

For a 10-Gigabit Ethernet adapter in slot 7, the top interface is called:

TenGigabitEthernet 7/0

Auto-MDI/MDIX Feature

For RJ-45 interfaces, the default auto-negotiation setting also includes the Auto-MDI/MDIX feature. Auto-MDI/MDIX eliminates the need for crossover cabling by performing an internal crossover when a straight cable is detected during the auto-negotiation phase. Either the speed or duplex must be set to auto-negotiate to enable Auto-MDI/MDIX for the interface. If you explicitly set both the speed and duplex to a fixed value, thus disabling auto-negotiation for both settings, then Auto-MDI/MDIX is also disabled. For Gigabit Ethernet, when the speed and duplex are set to 1000 and full, then the interface always auto-negotiates; therefore Auto-MDI/MDIX is always enabled and you cannot disable it.

Specifications

Table 1-5 lists the specifications for ASA 5580.

Table 1-5 ASA 5580 Specifications 

Memory
 

DRAM

5580-20: 8 GB

5580-40: 12 GB

Compact Flash

1 GB

Dimensions and Weight
 

Height

6.94 in. (17.6 cm)

Width

19.0 in. (46.3 cm)

Depth

26.5 in. (67.3 cm)

Weight1

105 lb (47.6 kg)

Form factor

4 RU, standard 19-inch rack-mountable

Power
 

Rated input voltage

100 to 127 VAC
200 to 240 VAC

Rated input frequency

50 to 60 Hz

Rated input power

1161W @ 100 VAC
1598W @ 200 VAC

Rated input current

12A (100 VAC)
8A (200 VAC)

Maximum heat dissipation

3960 BTU/hr (100 VAC)
5450 BTU/hr (200 VAC)

Power supply output

910 W (low line)
1300 W (high line)

Environment
 

Temperature

Operating 50 to 95°F (10 to 35°C)2
Nonoperating -40°F to 158°F (-40°C to 70°C)

Maximum wet bulb temperature

82.4°F (28°C)

Relative humidity (noncondensing)

Operating 10% to 90%
Nonoperating 5% to 95%

Altitude

Operating 0 to 6500 ft (2000 m)
Nonoperating 0 to 30,000 ft (9144 m)

Shock

Operating Half-sine 2 G, 11 ms pulse, 100 pulses
Nonoperating 25 G, 170 inches/sec delta V

Vibration

2.2 Grms, 10 minutes per axis on all three axes

1 With full card installation and two power supplies.

2 At sea level with an altitude derating of 1.8°F per every 1000 ft (1.0°C per every 3.0m) above sea level to a maximum of 10,000 ft (3050 m). no direct sustained sunlight.


In a failover configuration, the two units must have the same hardware configuration. They must be the same model, have the same number and types of interfaces, and the same amount of DRAM.


Note The two units do not have to have the same size flash memory. If using units with different flash memory sizes in your failover configuration, make sure the unit with the smaller flash memory has enough space to accommodate the software image files and the configuration files. If it does not, configuration synchronization from the unit with the larger flash memory to the unit with the smaller flash memory will fail.