Saturday, September 2, 2023

Troubleshoot Cisco Firepower ASA 2100 PSU via FXOS

I had to troubleshoot a power issue and failover in a High Availability (HA) pair of Cisco FPR 2120 in ASA Appliance mode.

ciscoasa/sec/act# show failover state

               State          Last Failure Reason      Date/Time
This host  -   Secondary
               Active         None
Other host -   Primary
               Standby Ready  Comm Failure             03:33:34 UTC Jun 26 2023


====Configuration State===
        Sync Done
        Sync Done - STANDBY
====Communication State===
        Mac set

 

The ASA show environment had limited info or output.

ciscoasa/sec/act# show inventory
Name: "Chassis", DESCR: "Firepower 2120 Appliance, 1RU, 12 GE, 4 xSFP, 1 MGMT"
PID: FPR-2120          , VID: V04     , SN: TSP2621ABCD

Name: "Storage Unit 1", DESCR: "Micron_5300_MTFDDAK100TDT"
PID: FPR2K-SSD100, VID: N/A, SN: MSA25071234

Name: "power supply 1", DESCR: ""
PID: N/A, VID: N/A, SN: N/A

Name: "fan 1", DESCR: ""
PID: N/A, VID: N/A, SN: N/A

Name: "fan 2", DESCR: ""
PID: N/A, VID: N/A, SN: N/A

Name: "fan 3", DESCR: ""
PID: N/A, VID: N/A, SN: N/A

Name: "fan 4", DESCR: ""
PID: N/A, VID: N/A, SN: N/A


ciscoasa/sec/act# show environment

Cooling Fans:
-----------------------------------

   Chassis Fans:
   --------------------------------
   Fan 1: 6780 RPM - OK
   Fan 2: 5160 RPM - OK

   Power Supplies:
   --------------------------------

Power Supplies:
-----------------------------------

   Temperature:
   --------------------------------

   Cooling Fans:
   --------------------------------

Temperature:
-----------------------------------

   Processors:
   --------------------------------
   Processor 1: 58.0 C - OK  (Switching Board CPU Temperature)
   Processor 2: 33.0 C - OK  (Blade CPU Temperature)

   Chassis:
   --------------------------------
   Ambient 1: 22.0 C - OK  (Inlet Temperature)
   Ambient 2: 35.0 C - OK  (Internal Temperature)
   Ambient 3: 29.0 C - OK  (Outlet 1 Temperature)
   Ambient 4: 28.0 C - OK  (Outlet 2 Temperature)

   Power Supplies:
   --------------------------------

Voltage:
-----------------------------------

Power Consumption:
-----------------------------------


ciscoasa/sec/act# failover exec mate show environment   // PRIMARY ASA

Cooling Fans:
-----------------------------------

   Chassis Fans:
   --------------------------------
   Fan 1: 5160 RPM - OK
   Fan 2: 5220 RPM - OK

   Power Supplies:
   --------------------------------

Power Supplies:
-----------------------------------

   Temperature:
   --------------------------------

   Cooling Fans:
   --------------------------------

Temperature:
-----------------------------------

   Processors:
   --------------------------------
   Processor 1: 64.0 C - OK  (Switching Board CPU Temperature)
   Processor 2: 41.0 C - OK  (Blade CPU Temperature)

   Chassis:
   --------------------------------
   Ambient 1: 26.0 C - OK  (Inlet Temperature)
   Ambient 2: 41.0 C - OK  (Internal Temperature)
   Ambient 3: 35.0 C - OK  (Outlet 1 Temperature)
   Ambient 4: 35.0 C - OK  (Outlet 2 Temperature)

   Power Supplies:
   --------------------------------

Voltage:
-----------------------------------

Power Consumption:
-----------------------------------


The FXOS CLI command show chassis environment had more useful info. You can only issue the connect fxos in admin context.

ciscoasa/sec/act/admin# changeto system
ciscoasa/sec/act# connect ?
<BLANK>

ciscoasa/sec/act# show fxos mode
Mode is currently set to appliance

ciscoasa/sec/act/admin# connect ?

  fxos  Connect to FXOS Service Manager.
ciscoasa/sec/act/admin# connect fxos
Configuring session.
.
Connecting to FXOS.
...
Connected to FXOS. Escape character sequence is 'CTRL-^X'.

NOTICE: You have connected to the FXOS CLI with read-only privileges.
For admin level privileges connect using 'connect fxos admin'.
Config commands and commit-buffer are not supported in appliance mode.


<OUTPUT TRUNCATED>

You can use the variants of show chassis command to troubleshoot the appliance.


firepower-2120# show    
  chassis              Chassis
  cli                  CLI Information
  clock                Clock
  configuration        Configuration
  eth-uplink           Ethernet Uplink
  event                Event Management
  fabric-interconnect  Show NGFW
  fault                Fault
  fxos-mode            Fxos-mode
  identity             Identity
  ntp-overall-status   NTP Overall Time-Sync Status
  registry-repository  Registry Repository
  security             security mode
  server               Server
  system               Systems
  timezone             Set timezone
  version              System version


firepower-2120# show chassis
  1-1             Chassis ID
  <CR>              
  >               Redirect it to a file
  >>              Redirect it to a file in append mode
  decommissioned  Decommissioned
  detail          Detail
  environment     Environment
  fabric          Fabric
  fi-iom          FI-IO Module
  fsm             FSM
  inventory       Inventory Information
  iom             IO Module
  psu             PSU
  |               Pipe command output to filter

firepower-2120# show chassis psu
Chassis    PSU        Type    Wattage (W) Overall Status
---------- ---------- ------- ----------- --------------
         1          1 N/A     0           Operable


firepower-2120# show chassis environment
Chassis 1:
    Overall Status: Operable
    Operability: Operable
    Power State: Ok
    Thermal Status: Ok


firepower-2120# show chassis environment psu
Chassis 1:
    Overall Status: Operable
    Operability: Operable
    Power State: Ok
    Thermal Status: Ok

    PSU 1:
        Overall Status: Operable
        Operability: Operable
        Power State: On
        Voltage Status: Ok

 

Issue a connect asa to return to ASA CLI.

firepower-2120# connect asa
Connection with FXOS terminated.
Type help or '?' for a list of available commands.
ciscoasa/sec/act/admin#