Cisco ASA 5580 Adaptive Security Appliance Hardware Installation Guide
ASA 5580
Download this chapter
ASA 5580ASA 5580
Download the complete book
Cisco ASA 5580 Adaptive Security Appliance Hardware Installation Guide Cisco ASA 5580 Adaptive Security Appliance Hardware Installation Guide (PDF - 4 MB)
give_us_feedback

Table Of Contents

Overview

Product Overview

Ports and LEDs

Front Panel LEDs

Rear Panel LEDs and Ports

Internal Components

Diagnostic Panel

Specifications

Memory Requirements


Overview

Read through the entire guide before beginning any of the procedures in this book.

Warning Only trained and qualified personnel should install, replace, or service this equipment. Statement 49

Caution Read the safety warnings in the Regulatory Compliance and Safety Information for the Cisco ASA 5580 and follow proper safety procedures when performing these steps.

This section describes the product and the memory requirements and includes the following topics:

Product Overview

Memory Requirements

Product Overview

The Cisco ASA 5580 series adaptive security appliance comes in two models the ASA 5580-20 and ASA 5580-40. In addition to world-class performance, the Cisco ASA 5580s also introduces new features and capabilities in the areas of scalable logging, system environmental monitoring, VPN Remote Access user limits, 10 Gigabit Ethernet interfaces, and more.

The ASA 5580-20 delivers 5 Gigabits per second of TCP traffic and UDP performance is even greater. Many features in the system are made multi-core capable to achieve this high throughput. In addition the system delivers greater than 60,000 TCP connections per second and supports up to 1 million connections.

The ASA 5580-40 delivers 10 Gigabits per second of TCP traffic and similar to ASA 5580-20 the UDP performance will be even greater. The ASA 5580-40 delivers greater than 120,000 TCP connections per second and up to 2 million connections in total.

The ASA 5580-20 and the ASA 5580-40 supports 50 security contexts and up to 100 VLAN interfaces (250 VLAN interfaces will be supported in a future release) and 1 Gigabit of IPSec VPN 3DES performance. They support up to 24 Gigabit data ports or up to 12 Ten Gigabit data ports as well as two additional Gigabit ports for management. Optional redundant, hot-swappable power capabilities are available as well as hot-swappable cooling fans in case of a fan failure.

NetFlow version 9 will be used to export information about the progression of a flow from start to finish. The NetFlow implementation will export records indicating significant events in the life of a flow. This is different from traditional NetFlow which exports data about flows at regular intervals. The NetFlow module will also export records about the flows that are denied by Access Lists. You can configure an ASA 5580 to send the following events using NetFlow:

Flow Creation

Flow Teardown

Flow Denied - Only flows denied by ACL will be reported in the first release.

Additionally, the adaptive security appliance software supports Cisco Adaptive Security Device Manager (ASDM). ASDM delivers world-class security management and monitoring through an intuitive, easy-to-use web-based management interface. Bundled with the adaptive security appliance, ASDM accelerates adaptive security appliance deployment with intelligent wizards, robust administration tools, and versatile monitoring services that complement the advanced integrated security and networking features offered by the market-leading suite of the adaptive security appliance. Its secure, web-based design enables anytime, anywhere access to adaptive security appliances.

The system includes environmental monitoring which tracks the operational status of the fans and power supplies. In addition, it tracks the temperatures of the CPUs and the ambient temperature of the system. ASDM provides you with a quick view into these items on the Device Dashboard and the new show environment command has been introduced to provide the information as well.

The ASA 5580 will also support up to 1000 SSL VPN peers, and up to 10,000 total VPN peers.

This release also introduces support for 10 Gigabit Ethernet interfaces and support for jumbo frames up to 9216.

In addition to the above, enhancements have been made to many existing commands to provide greater visibility to the operations of the high performance ASA 5580. You will find changes in the following commands: show version, show activation-key, show interface, show tech, show asp, and more.

This section includes the following sections:

Ports and LEDs

Internal Components

Diagnostic Panel

Specifications

Ports and LEDs

This section describes the front and rear panels. This section includes the following topics:

Front Panel LEDs

Rear Panel LEDs and Ports

Front Panel LEDs

Figure 1-1 shows the LEDs on the front panel of the Cisco ASA 5580.

Figure 1-1 Front View

1

Active LED

2

System LED

3

Power Status LED

4

Management 0/0 LED

5

Management 0/1 LED

6

Power


Table 1-1 describes the front panel switches and indicators on Cisco ASA 5580 series adaptive security appliance.

Table 1-1 Front Panel Switches and Indicators

Indicator
Description

Active1

Indicates the Active and Standby Failover status of the chassis:

On—Failover active

Off—Standby Status

System indicator

Indicates internal system health:

Green—System on

Flashing amber—System health degraded

Flashing red—System health critical

Off—System off

Power status indicator

Indicates the power supply status:

Green—Power supply on

Flashing amber—Power supply health degraded

Flashing red—Power supply health critical

Off—Power supply off

MGMT0/0 indicator

Indicates the status of the management port:

Green—Linked to network

Flashing green—Linked with activity on the network

Off—No network connection

MGMT0/1 indicator

Indicates the status of the management port:

Green—Linked to network

Flashing green—Linked with activity on the network

Off—No network connection

Power switch and indicator

Turns power on and off:

Amber—System has AC power and is in standby mode

Green—System has AC power and is turned on

Off—System has no AC power

1 On a standalone device, this button is always on. In Active/Standby pairs, it is on for the active unit and off for the standby unit. In Active/Active pairs, it is on for any unit with an active failover group. Furthermore, when the system software causes the button to light (because it is active or standalone), pushing the button does nothing. It stays lit. When the system software causes the button to be off, pushing the button lights it. Pushing the button again will cause it to turn off again.


For more information on the Management Port, see the management-only command in the Cisco ASA 5580 Adaptive Security Appliance Command Reference.

Rear Panel LEDs and Ports

Figure 1-2 shows the rear panel LEDs and ports.

Figure 1-2 Back Panel Features

1

Power supply

2

Interface expansion slots

3

Power supply

4

T-15 Torx screwdriver

5

USB ports

6

Reserved slot

7

Example of a populated slot

8

Reserved slot

9

Console port

10

Management ports


Figure 1-3 shows the activity indicators on the Ethernet ports, which has two indicators per port and the power supply indicators.

Figure 1-3 Rear Panel LEDs

1

Power indicator

2

Link indicator

3

Activity indicator

 

Table 1-2 describes the Ethernet port indicators. The behavior of the port indicators varies based on the type of port—management port, port in a Gigabit Ethernet interface card, port in a 10-Gigabit Ethernet Fiber interface card, or a port in a Gigabit Ethernet Fiber interface card.

Table 1-2 Ethernet Port Indicators 

Indicator
Description

Gigabit Ethernet

Green (top): link to network

Flashing Green (top): linked with activity on the network

Amber (bottom): Speed 1000

Green (bottom): Speed 100

Off (bottom): Speed 10

10-Gigabit Ethernet Fiber (one LED)

Green: link to network

Flashing green: linked with activity on the network

Management port

Green (right): link to network

Flashing green (left): linked with activity on the network


Table 1-3 describes the power supply indicators.

Table 1-3 Power Supply Indicators

Fail Indicator 1
Amber
Power Indicator 2
Green
Description

Off

Off

No AC power to any power supply

Flashing

Off

Power supply failure (over current)

On

Off

No AC power to this power supply

Off

Flashing

AC power present

Standby mode

Off

On

Normal


Internal Components

Figure 1-4 shows the internal components of the Cisco ASA 5580 series adaptive security appliance.

Figure 1-4 Internal Components

1, 3

Power supply

4, 5, 7

Fans

2

Interface expansion slots

6

Diagnostic panel


Diagnostic Panel

The front panel LEDs indicate hardware status at a high level. The Diagnostic Panel indicators identifies individual components experiencing an error, event, or failure. All indicators are off unless one of the component fails.

Note When you remove the chassis cover to view the Diagnostic Panel, leave Cisco ASA 5580 powered on. Powering off the Cisco ASA 5580 clears the Diagnostic Panel indicators.

Figure 1-5 shows the Diagnostic Panel. For the location of the Diagnostic Panel in the Cisco ASA 5580 chassis, see the "Internal Components" section. For information on how to access the Diagnostic Panel, see the "Accessing the Diagnostic Panel" section on page 4-4.

Figure 1-5 Diagnostic Panel

Table 1-4 Diagnostic Panel Indicators

Indicator
Component

PS1

Power supply (primary)

PS2

Power supply (optional)

CPU BD (power fault)

Processor memory module board

I/O BD

System board

NMI

System NMI switch

CPU BD (interlock error)

System board

PPM X

Processor power module

1A-32D

DIMM Slot

PROC X

Processor

FAN X

Fan


Table 1-4 lists the indicators that display health status for each component:

Specifications

Table 1-5 lists the specifications for Cisco ASA 5580 series adaptive security appliance.

Table 1-5 Adaptive Security Appliance Specifications 

Dimensions and Weight
 

Height

6.94 in. (17.6 cm)

Width

19.0 in. (46.3 cm)

Depth

26.5 in. (67.3 cm)

Weight1

105 lb (47.6 kg)

Form factor

4 RU, standard 19-inch rack-mountable

Power
 

Rated input voltage

100 to 127 VAC
200 to 240 VAC

Rated input frequency

50 to 60 Hz

Rated input power

1161W @ 100 VAC
1598W @ 200 VAC

Rated input current

12A (100 VAC)
8A (200 VAC)

Maximum heat dissipation

3960 BTU/hr (100 VAC)
5450 BTU/hr (200 VAC)

Power supply output

910 W (low line)
1300 W (high line)

Environment
 

Temperature

Operating 50 to 95°F (10 to 35°C)2
Nonoperating -40°F to 158°F (-40°C to 70°C)

Maximum wet bulb temperature

82.4°F (28°C)

Relative humidity (noncondensing)

Operating 10% to 90%
Nonoperating 5% to 95%

Altitude

Operating 0 to 6500 ft (2000 m)
Nonoperating 0 to 30,000 ft (9144 m)

Shock

Operating Half-sine 2 G, 11 ms pulse, 100 pulses
Nonoperating 25 G, 170 inches/sec delta V

Vibration

2.2 Grms, 10 minutes per axis on all three axes

1 With full card installation and two power supplies.

2 At sea level with an altitude derating of 1.8°F per every 1000 ft (1.0°C per every 3.0m) above sea level to a maximum of 10,000 ft (3050 m). no direct sustained sunlight.


Memory Requirements

The default DRAM memory is 4096MB and the default internal flash memory is 1024MB for the Cisco ASA 5580.

In a failover configuration, the two units must have the same hardware configuration They must be the same model, have the same number and types of interfaces, and the same amount of RAM.

Note The two units do not have to have the same size Flash memory. If using units with different Flash memory sizes in your failover configuration, make sure the unit with the smaller Flash memory has enough space to accommodate the software image files and the configuration files. If it does not, configuration synchronization from the unit with the larger Flash memory to the unit with the smaller Flash memory will fail.

For more information, see the Configuring Failover chapter in the Cisco Security Appliance Command Line Configuration Guide.