Cisco 5580-40 - ASA Firewall Edition, ASA 5580 Hardware Installation Manual

Cisco ASA 5580 Hardware Installation Guide
Americas Headquarters
Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000
Fax: 408 527-0883
Text Part Number: OL-12920-01
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.
The following information is for FCC compliance of Class A devices: This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to part 15 of the FCC rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment. This equipment generates, uses, and can radiate radio-frequency energy and, if not installed and used in accordance with the instruction manual, may cause harmful interference to radio communications. Operation of this equipment in a residential area is likely to cause harmful interference, in which case users will be required to correct the interference at their own expense.
The following information is for FCC compliance of Class B devices: The equipment described in this manual generates and may radiate radio-frequency energy. If it is not installed in accordance with Cisco’s installation instructions, it may cause interference with radio and television reception. This equipment has been tested and found to comply with the limits for a Class B digital device in accordance with the specifications in part 15 of the FCC rules. These specifications are designed to provide reasonable protection against such interference in a residential installation. However, there is no guarantee that interference will not occur in a particular installation.
Modifying the equipment without Cisco’s written authorization may result in the equipment no longer complying with FCC requirements for Class A or Class B digital devices. In that event, your right to use the equipment may be limited by FCC regulations, and you may be required to correct any interference to radio or television communications at your own expense.
You can determine whether your equipment is causing interference by turning it off. If the interference stops, it was probably caused by the Cisco equipment or one of its peripheral devices. If the equipment causes interference to radio or television reception, try to correct the interference by using one or more of the following measures:
• Turn the television or radio antenna until the interference stops.
• Move the equipment to one side or the other of the television or radio.
• Move the equipment farther away from the television or radio.
• Plug the equipment into an outlet that is on a different circuit from the television or radio. (That is, make certain the equipment and the television or radio are on circuits controlled by different circuit breakers or fuses.)
Modifications to this product not authorized by Cisco Systems, Inc. could void the FCC approval and negate your authority to operate the product.
The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB’s public domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.
NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS” WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)
©2008 Cisco Systems, Inc. All rights reserved.
CONTENTS
About This Guide
    Document Objectives
    Audience
    Installation Warnings
    Where to Find Safety and Warning Information
    Obtaining Documentation and Submitting a Service Request
CHAPTER 1 Introduction to the ASA 5580
    Package Contents
    Model Variants
    Front and Rear Panel Overview
        Front Panel
        Rear Panel
            Rear Panel Overview
            Ethernet Port Activity Indicators
            Power Supply Indicators
    Internal Components
    Diagnostic Panel
    Network Interfaces
        Built-In Management Interfaces
        Expansion Slots and PCI Buses
        PCI Adapters
            4-Port Gigabit Ethernet Copper PCI Adapter
            4-Port Gigabit Ethernet Fiber PCI Adapter
            2-Port 10-Gigabit Ethernet Fiber PCI Adapter
        I/O Bridges
        Interface Numbering
        Auto-MDI/MDIX Feature
    Specifications
CHAPTER 2 Safety and Site Requirements
    Safety Recommendations
        Maintaining Safety with Electricity
        Preventing Electrostatic Discharge Damage
    General Site Requirements
        Site Environment
        Preventive Site Configuration
        Power Supply Considerations
        Configuring Equipment Racks
CHAPTER 3 Installing the ASA 5580
    Rack-Mounting the Chassis
    Connecting Interface Cables
    Installing the FIPS Enclosure
        Before You Begin
        Overview
        Installing the FIPS Enclosure
            Installing the Front Shield Assembly
            Installing the Rear Shield Assembly
        Applying Tamper Evident Labels
CHAPTER 4 Maintenance and Upgrade Procedures
    Removing and Replacing the Chassis Cover
        Removing the Chassis Cover
        Replacing the Chassis Cover
    Accessing the Diagnostic Panel
    Removing and Installing the Interface Cards
        Removing the Interface Cards
        Installing an Interface Card
    Removing and Installing the Power Supply
        Removing the Power Supply
        Installing the Power Supply
    Removing and Installing Fans
        Removing the Fan
        Installing the Fan
    Upgrading the ASA 5580-20 to an ASA 5580-40
        Prerequisites
        Accessing the Processor Memory Module
        Installing a Processor
    Troubleshooting Loose Connections
APPENDIX A Cable Pinouts
    10/100/1000BaseT Ports
    Console Port (RJ-45)
    Console RJ-45 to DB-9 Adapter
    SFP Fiber Ports
INDEX
About This Guide
This preface includes the following sections:
• Document Objectives
• Audience
• Installation Warnings
• Obtaining Documentation and Submitting a Service Request
Document Objectives
This guide describes how to perform maintenance procedures on the Cisco ASA 5580.
Audience
This guide is for network administrators who install firewalls.
Installation Warnings
Be sure to read the Regulatory Compliance and Safety Information for the Cisco ASA 5580 document that accompanied this device before installing the chassis. This document contains important safety information. This section includes the following warnings:
• AC Power Disconnection Warning
• Jewelry Removal Warning
• Wrist Strap Warning
• Work During Lightning Activity Warning
• Installation Instructions Warning
• Chassis Warning for Rack-Mounting and Servicing
• Short-Circuit Protection Warning
• SELV Circuit Warning
• Ground Conductor Warning
• Blank Faceplates and Cover Panels Warning
• Product Disposal Warning
• Short-Circuit Protection Warning
• Compliance with Local and National Electrical Codes Warning
• TN Power Warning
• Multiple Power Cord
• Circuit Breaker (15A) Warning
• Grounded Equipment Warning
• Safety Cover Requirement
• Faceplates and Cover Panel Requirement
AC Power Disconnection Warning
Warning
Before working on a chassis or working near power supplies, unplug the power cord on AC units. Statement 246
Jewelry Removal Warning
Warning
Before working on equipment that is connected to power lines, remove jewelry (including rings, necklaces, and watches). Metal objects will heat up when connected to power and ground and can cause serious burns or weld the metal object to the terminals. Statement 43
Wrist Strap Warning
Warning
During this procedure, wear grounding wrist straps to avoid ESD damage to the card. Do not directly touch the backplane with your hand or any metal tool, or you could shock yourself. Statement 94
Work During Lightning Activity Warning
Warning
Do not work on the system or connect or disconnect cables during periods of lightning activity. Statement 1001
Installation Instructions Warning
Warning
Read the installation instructions before connecting the system to the power source. Statement 1004
Chassis Warning for Rack-Mounting and Servicing
Warning
To prevent bodily injury when mounting or servicing this unit in a rack, you must take special precautions to ensure that the system remains stable. The following guidelines are provided to ensure your safety:
• This unit should be mounted at the bottom of the rack if it is the only unit in the rack.
• When mounting this unit in a partially filled rack, load the rack from the bottom to the top with the heaviest component at the bottom of the rack.
• If the rack is provided with stabilizing devices, install the stabilizers before mounting or servicing the unit in the rack.
Statement 1006
Short-Circuit Protection Warning
Warning
This product requires short-circuit (overcurrent) protection, to be provided as part of the building installation. Install only in accordance with national and local wiring regulations. Statement 1045
SELV Circuit Warning
Warning
To avoid electric shock, do not connect safety extra-low voltage (SELV) circuits to telephone-network voltage (TNV) circuits. LAN ports contain SELV circuits, and WAN ports contain TNV circuits. Some LAN and WAN ports both use RJ-45 connectors. Use caution when connecting cables. Statement 1021
Ground Conductor Warning
Warning
This equipment must be grounded. Never defeat the ground conductor or operate the equipment in the absence of a suitably installed ground conductor. Contact the appropriate electrical inspection authority or an electrician if you are uncertain that suitable grounding is available. Statement 1024
Blank Faceplates and Cover Panels Warning
Warning
Blank faceplates and cover panels serve three important functions: they prevent exposure to hazardous voltages and currents inside the chassis; they contain electromagnetic interference (EMI) that might disrupt other equipment; and they direct the flow of cooling air through the chassis. Do not operate the system unless all cards, faceplates, front covers, and rear covers are in place. Statement 1029
Product Disposal Warning
Warning
Ultimate disposal of this product should be handled according to all national laws and regulations. Statement 1040
Short-Circuit Protection Warning
Warning
This product requires short-circuit (overcurrent) protection, to be provided as part of the building installation. Install only in accordance with national and local wiring regulations. Statement 1045
Compliance with Local and National Electrical Codes Warning
Warning
Installation of the equipment must comply with local and national electrical codes. Statement 1074
TN Power Warning
Warning
The device is designed to work with TN power systems. Statement 19
Multiple Power Cord
Warning
This unit has more than one power cord. To reduce the risk of electric shock when servicing a unit, disconnect the power cord of the power strip that the unit is plugged into. Statement 137
Circuit Breaker (15A) Warning
Warning
This product relies on the building’s installation for short-circuit (overcurrent) protection. Ensure that a fuse or circuit breaker no larger than 120 VAC, 15A U.S. (240 VAC, 10A international) is used on the phase conductors (all current-carrying conductors). Statement 13
Grounded Equipment Warning
Warning
This equipment is intended to be grounded. Ensure that the host is connected to earth ground during normal use. Statement 39
Safety Cover Requirement
Warning
The safety cover is an integral part of the product. Do not operate the unit without the safety cover installed. Operating the unit without the cover in place will invalidate the safety approvals and pose a risk of fire and electrical hazards. Statement 117
Faceplates and Cover Panel Requirement
Warning
Blank faceplates and cover panels serve three important functions: they prevent exposure to hazardous voltages and currents inside the chassis; they contain electromagnetic interference (EMI) that might disrupt other equipment; and they direct the flow of cooling air through the chassis. Do not operate the system unless all cards, faceplates, front covers, and rear covers are in place. Statement 142
Where to Find Safety and Warning Information
For safety and warning information, see the Regulatory Compliance and Safety Information for the Cisco ASA 5580 document that accompanied the product. This document describes the international agency compliance and safety information for the adaptive security appliance. It also includes translations of the safety warnings.
Obtaining Documentation and Submitting a Service Request
For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What’s New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:
http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html
Subscribe to the What’s New in Cisco Product Documentation as an RSS feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service. Cisco currently supports RSS Version 2.0.
CHAPTER 1
Introduction to the ASA 5580
Read through the entire guide before beginning any of the procedures in this book.
Warning Only trained and qualified personnel should install, replace, or service this equipment. Statement 49
Caution Read the safety warnings in the Regulatory Compliance and Safety Information for the Cisco ASA 5580 and follow proper safety procedures when performing these steps.
This chapter describes the product and the memory requirements and includes the following topics:
• Package Contents
• Model Variants
• Front and Rear Panel Overview
• Internal Components
• Diagnostic Panel
• Network Interfaces
• Specifications
Package Contents
[Figure: ASA 5580 package contents, with the numbered items listed below]
1: ASA 5580 Series Chassis
2: RJ-45 to DB-9 Adapter
3: 2 Yellow Ethernet Cables
4: Documentation and Software CD
5: Blue Console Cable PC Terminal Adapter
In addition to the contents shown in the figure above, the contents of the ASA 5580 package include the rail system kit. The rail system kit contains the following items:
• Two slide assemblies
• Two chassis rails
• Four Velcro straps
• Six zip ties
• One cable management arm
• A package of miscellaneous parts (screws, and so forth)
• One cable management arm stop bracket
Model Variants
The Cisco ASA 5580 comes in two models:
• ASA 5580-20—Includes 2 processors.
• ASA 5580-40—Includes 4 processors.
The 5580-40 also includes more DRAM by default.
To upgrade from the ASA 5580-20 to the ASA 5580-40, see the “Upgrading the ASA 5580-20 to an ASA 5580-40” section on page 4-13.
Front and Rear Panel Overview
This section describes the front and rear panels and includes the following topics:
• Front Panel
• Rear Panel
Front Panel
Figure 1-1 shows the front panel.
Figure 1-1 Front Panel
[Figure: front panel, with the numbered items listed below]
1: Active LED
2: System LED
3: Power Status LED
4: Management 0/0 LED
5: Management 0/1 LED
6: Power
Table 1-1 describes the front panel switches and indicators on the ASA 5580.
Table 1-1 Front Panel Switches and Indicators
Indicator: Description
Active (see footnote 1): Indicates the Active and Standby Failover status of the chassis:
    On—Failover active
    Off—Standby Status
System indicator: Indicates internal system health:
    Green—System on
    Flashing amber—System health degraded
    Flashing red—System health critical
    Off—System off
Power status indicator: Indicates the power supply status:
    Green—Power supply on
    Flashing amber—Power supply health degraded
    Flashing red—Power supply health critical
    Off—Power supply off
MGMT0/0 indicator: Indicates the status of the management port:
    Green—Linked to network
    Flashing green—Linked with activity on the network
    Off—No network connection
MGMT0/1 indicator: Indicates the status of the management port:
    Green—Linked to network
    Flashing green—Linked with activity on the network
    Off—No network connection
Power switch and indicator: Turns power on and off:
    Amber—System has AC power and is in standby mode
    Green—System has AC power and is turned on
    Off—System has no AC power
1. On a standalone device, this button is always on. In Active/Standby pairs, it is on for the active unit and off for the standby unit. In Active/Active pairs, it is on for any unit with an active failover group. Furthermore, when the system software causes the button to light (because it is active or standalone), pushing the button does nothing. It stays lit. When the system software causes the button to be off, pushing the button lights it. Pushing the button again will cause it to turn off again.
Rear Panel
• Rear Panel Overview
• Ethernet Port Activity Indicators
• Power Supply Indicators
Rear Panel Overview
Figure 1-2 shows the rear panel.
Figure 1-2 Rear Panel
[Figure: rear panel showing slots labeled PCI-E x4, PCI-E x8 and PCI-X 100 MHz, power supplies PS1 and PS2, UID, MGMT0/0, MGMT0/1 and CONSOLE, with the numbered items listed below]
1: Power supply
2: Interface expansion slots
3: Power supply
4: T-15 Torx screwdriver
5: USB ports
6: Reserved slot
7: Example of a populated slot
8: Reserved slot
9: Console port
10: Management ports
For more information about the network interfaces, see the “Network Interfaces” section on page 1-10.
Ethernet Port Activity Indicators
Figure 1-3 shows the activity indicators on the Ethernet ports, which have two indicators per port, and the power supply indicators.
Figure 1-3 Rear Panel LEDs
[Figure: rear panel LEDs, with the numbered items listed below]
1: Power indicator
2: Link indicator
3: Activity indicator
Table 1-2 describes the Ethernet port indicators. The behavior of the port indicators varies based on the type of port—management port, port in a Gigabit Ethernet interface card, port in a 10-Gigabit Ethernet Fiber interface card, or a port in a Gigabit Ethernet Fiber interface card.
Table 1-2 Ethernet Port Indicators
Indicator: Description
Gigabit Ethernet:
    Green (top): link to network
    Flashing Green (top): linked with activity on the network
    Amber (bottom): Speed 1000
    Green (bottom): Speed 100
    Off (bottom): Speed 10
10-Gigabit Ethernet Fiber (one LED):
    Green: link to network
    Flashing green: linked with activity on the network
Management port:
    Green (right): link to network
    Flashing green (left): linked with activity on the network
Power Supply Indicators
Table 1-3 describes the power supply indicators.
Table 1-3 Power Supply Indicators
Fail Indicator 1 Amber    Power Indicator 2 Green    Description
Off                       Off                        No AC power to any power supply
Flashing                  Off                        Power supply failure (over current)
On                        Off                        No AC power to this power supply
Off                       Flashing                   AC power present; Standby mode
Off                       On                         Normal
Internal Components
Figure 1-4 shows the internal components of the ASA 5580.
Figure 1-4 Internal Components
[Figure: internal components, with the numbered items listed below]
1, 3: Power supply
2: Interface expansion slots
4, 5, 7: Fans
6: Diagnostic panel
Diagnostic Panel
The front panel LEDs indicate hardware status at a high level. The Diagnostic Panel indicators identify individual components experiencing an error, event, or failure. All indicators are off unless one of the components fails.
Note When you remove the chassis cover to view the Diagnostic Panel, leave the ASA 5580 powered on. Powering off the ASA 5580 clears the Diagnostic Panel indicators.
Figure 1-5 shows the Diagnostic Panel. For the location of the Diagnostic Panel in the ASA 5580 chassis, see the “Internal Components” section on page 1-8. For information on how to access the Diagnostic Panel, see the “Accessing the Diagnostic Panel” section on page 4-4.
Figure 1-5 Diagnostic Panel
[Figure: Diagnostic Panel LED layout, with indicators labeled PS1, PS2, CPU BD (POWER FAULT and INTERLOCK ERROR), I/O BD, NMI, PPM1 to PPM4, PROC1 to PROC4, FAN 1 to FAN 6, and MEMORY 1A to 32D]
Table 1-4 lists the indicators that display health status for each component.
Table 1-4 Diagnostic Panel Indicators
Indicator                   Component
PS1                         Power supply (primary)
PS2                         Power supply (optional)
CPU BD (power fault)        Processor memory module board
I/O BD                      System board
NMI                         System NMI switch
CPU BD (interlock error)    System board
PPM X                       Processor power module
1A-32D                      DIMM Slot
PROC X                      Processor
FAN X                       Fan
Network Interfaces
This section describes the network interfaces available for the ASA 5580, and includes performance guidelines. Look for the “Optimizing Performance” headings for important best practices you should follow when planning your installation.
This section includes the following sections:
• Built-In Management Interfaces
• Expansion Slots and PCI Buses
• PCI Adapters
• I/O Bridges
• Interface Numbering
• Auto-MDI/MDIX Feature
Built-In Management Interfaces
The ASA 5580 has two built-in Gigabit Ethernet network interfaces called Management 0/0 and Management 0/1.
Optimizing Performance
The management interfaces are capable of passing through traffic (see the interfaces chapter in the configuration guide). However, the management-only interfaces have not been optimized to pass data traffic and will not perform as well as the interfaces on the adapters.
Expansion Slots and PCI Buses
The ASA 5580 has nine expansion slots:
• Slots 3 through 8—For supported PCI Express network interface adapters.
• Slots 1, 2, and 9—Reserved. Slot 1 is populated by the crypto accelerator and is not available for use by network interface cards. Slots 2 and 9 are reserved for future use.
The ASA 5580 includes two types of PCI buses:
• Normal Capacity (PCI Express x4 non-hot-plug)—Slots 3, 4, and 6.
• High Capacity (PCI Express x8 non-hot-plug)—Slots 5, 7, and 8.
You can use the show io-bridge command to see the traffic throughput over each bus. For more information about using the command, see the Cisco ASA 5580 Adaptive Security Appliance Command Reference.
Optimizing Performance
You should use the high-capacity slots for 10-Gigabit Ethernet adapters; other adapters can be placed in any slot.
PCI Adapters
The ASA 5580 supports the following PCI adapters:
• 4-Port Gigabit Ethernet Copper PCI Adapter
• 4-Port Gigabit Ethernet Fiber PCI Adapter
• 2-Port 10-Gigabit Ethernet Fiber PCI Adapter
4-Port Gigabit Ethernet Copper PCI Adapter
Provides four 10/100/1000Base-T interfaces. Figure 1-6 shows the Gigabit Ethernet interface card.
Figure 1-6 4-Port Gigabit Ethernet Copper PCI Card
4-Port Gigabit Ethernet Fiber PCI Adapter
Provides four 1000Base-SX (fiber) interfaces. These interfaces require a multi-mode fiber cable with an LC connector to connect to the SX interface of the sensor.
Optimizing Performance
• The Gigabit Ethernet Fiber PCI adapter with SR optics has a distance capability of 300 meters. The adapters are designed to support short distances over deployed multi-mode fiber cabling with a range of between 26 metres (85 ft) and 82 metres (270 ft) depending on cable type.
• The adapter also supports 300 metres (980 ft) operation over new, 50 µm 2000 MHz·km OM3 multi-mode fiber (MMF). The transmitter can be implemented with a VCSEL (Vertical Cavity Surface Emitting Laser).
2-Port 10-Gigabit Ethernet Fiber PCI Adapter
Provides two 10000Base-SX (fiber) interfaces. These interfaces require a multi-mode fiber cable with an LC connector to connect to the SX interface of the sensor.
Figure 1-7 shows the 2-Port 10-Gigabit Ethernet Fiber PCI card.
Figure 1-7 2-Port 10-Gigabit Ethernet Fiber PCI Card
Optimizing Performance
• A 10-Gigabit Ethernet interface can deliver 10-Gigabit Ethernet full-duplex on one port given the right traffic profile. However, if you use both interfaces on the adapter at 10-Gigabit Ethernet full-duplex, the bus bandwidth limits the combined throughput to under 16 Gbps full-duplex.
• Because of the way packets are load-balanced between the TX and RX rings of the 10-Gigabit Ethernet interface (based on the source and destination IP address and port), optimum load-balancing, and therefore throughput, is achieved when you have connections in multiples of 64. For example, if you have very few connections, then the TX and RX rings will not be used evenly, and the throughput will be adversely affected.
I/O Bridges
Each PCI bus connects to one of two I/O bridges:
• I/O bridge 1: Slot 3, slot 4, slot 5, and slot 6. Also, Management 0/0 and 0/1.
• I/O bridge 2: Slot 7 and slot 8.
Each bridge connects to the 4-CPU array.
Optimizing Performance
To maximize traffic throughput, see the following best practices, in order of importance:
1. Have equal amounts of traffic on both I/O bridges. See the “I/O Bridges” section on page 1-12 for more information about which slots are connected to each bridge.
Because of the way the I/O bridges connect to the 4-CPU array, having equal amounts of traffic on the two I/O bridges means less latency when the traffic is distributed to the CPUs.
2. Keep traffic flow within the same I/O bridge.
You should keep traffic contained to a single bridge if possible, rather than have traffic travel between the bridges. Having traffic travel between the bridges incurs higher latency. Traffic between two ports on a single adapter is also advantageous.
The ideal traffic distribution would be that half the traffic stays on slots 7 and 8, while the other half of the traffic stays on slots 3 through 6 (achieving both best practices above). If you cannot achieve both practices, then you should use best practice 1, equal distribution between the bridges.
For example, if you purchase two 10-Gigabit Ethernet adapters, you should put one in high-capacity bus slot 5 on bridge 1, and the other in high-capacity bus slot 7 or 8 on bridge 2. Do not place both in slots 7 and 8 on the same bridge while slots 3 through 6 remain un- or under-populated. (See the “Expansion Slots and PCI Buses” section on page 1-10 for more information about bus types.)
Interface Numbering
Interfaces are named interface_type slot/port.
• The expansion slot numbers are 1 through 9, and increase from right to left. Slot 0 is used for the built-in Management interfaces. Slots 1, 2, and 9 are reserved.
• On a network interface adapter, the interfaces are numbered from 0 through 3 (depending on the number of interfaces on the adapter) from the top to the bottom.
For example, for a Gigabit Ethernet adapter installed in slot 3, the second interface from the top is called:
GigabitEthernet 3/1
For a 10-Gigabit Ethernet adapter in slot 7, the top interface is called:
TenGigabitEthernet 7/0
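The slot, bus, I/O bridge and interface-numbering rules above can be checked against a planned adapter layout before the chassis is populated. The following is an added example, not Cisco code: the adapter keys, function names, sample plans and the 2:1 balance threshold are assumptions, and nominal port capacity is used as a stand-in for expected traffic.

```python
"""Added example: check an ASA 5580 adapter-to-slot plan against this chapter.

Slot, bus and bridge facts come from the text above. The adapter keys, the
function names and the 2:1 balance threshold are assumptions of this example.
"""

RESERVED = {1, 2, 9}                 # slot 1 holds the crypto accelerator
HIGH_CAPACITY = {5, 7, 8}            # PCI Express x8 slots
BRIDGE = {3: 1, 4: 1, 5: 1, 6: 1, 7: 2, 8: 2}   # usable slot -> I/O bridge

# Hypothetical adapter keys -> (interface_type, port count, Gbps per port)
ADAPTERS = {
    "4xGE-copper": ("GigabitEthernet", 4, 1),
    "4xGE-fiber": ("GigabitEthernet", 4, 1),
    "2x10GE-fiber": ("TenGigabitEthernet", 2, 10),
}


def interface_names(plan):
    """Return names in the form 'interface_type slot/port' for a plan.

    plan maps slot number -> adapter key. Ports count from 0, top to bottom.
    The built-in management interfaces live in slot 0 and are always present.
    Entries that check_plan() would reject are skipped.
    """
    names = ["Management 0/0", "Management 0/1"]
    for slot in sorted(plan):
        if slot in BRIDGE and plan[slot] in ADAPTERS:
            if_type, ports, _ = ADAPTERS[plan[slot]]
            names += [f"{if_type} {slot}/{port}" for port in range(ports)]
    return names


def check_plan(plan):
    """Return (errors, warnings) for a slot plan."""
    errors, warnings = [], []
    gbps = {1: 0, 2: 0}              # nominal port capacity per I/O bridge
    for slot, kind in sorted(plan.items()):
        if slot in RESERVED:
            errors.append(f"slot {slot}: reserved, not available for adapters")
        elif slot not in BRIDGE:
            errors.append(f"slot {slot}: not an expansion slot (valid: 3-8)")
        elif kind not in ADAPTERS:
            errors.append(f"slot {slot}: unknown adapter {kind!r}")
        else:
            _, ports, speed = ADAPTERS[kind]
            if speed == 10 and slot not in HIGH_CAPACITY:
                warnings.append(
                    f"slot {slot}: 10-Gigabit adapter on a PCI Express x4 "
                    "bus; use high-capacity slot 5, 7 or 8")
            gbps[BRIDGE[slot]] += ports * speed
    low, high = sorted(gbps.values())
    if high > 2 * low:               # assumed threshold for "unequal"
        warnings.append(
            f"I/O bridges unbalanced: bridge 1 has {gbps[1]} Gbps of ports, "
            f"bridge 2 has {gbps[2]} Gbps")
    return errors, warnings


if __name__ == "__main__":
    # Constructed sample plans, not taken from a real deployment.
    recommended = {5: "2x10GE-fiber", 7: "2x10GE-fiber"}
    discouraged = {7: "2x10GE-fiber", 8: "2x10GE-fiber"}
    for label, plan in (("recommended", recommended),
                        ("discouraged", discouraged)):
        errs, warns = check_plan(plan)
        print(label, "errors:", errs, "warnings:", warns)
        print("  interfaces:", ", ".join(interface_names(plan)))
```

Port capacity only approximates traffic; on a running unit, the show io-bridge command mentioned earlier reports the actual throughput over each bus.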
Auto-MDI/MDIX Feature
For RJ-45 interfaces, the default auto-negotiation setting also includes the Auto-MDI/MDIX feature. Auto-MDI/MDIX eliminates the need for crossover cabling by performing an internal crossover when a straight cable is detected during the auto-negotiation phase. Either the speed or duplex must be set to auto-negotiate to enable Auto-MDI/MDIX for the interface. If you explicitly set both the speed and duplex to a fixed value, thus disabling auto-negotiation for both settings, then Auto-MDI/MDIX is also disabled. For Gigabit Ethernet, when the speed and duplex are set to 1000 and full, then the interface always auto-negotiates; therefore Auto-MDI/MDIX is always enabled and you cannot disable it.
Specifications
Table 1-5 lists the specifications for ASA 5580.
Table 1-5 ASA 5580 Specifications
Memory
DRAM: 5580-20: 8 GB; 5580-40: 12 GB
Compact Flash: 1 GB
Dimensions and Weight
Height: 6.94 in. (17.6 cm)
Width: 19.0 in. (46.3 cm)
Depth: 26.5 in. (67.3 cm)
Weight (note 1): 105 lb (47.6 kg)
Form factor: 4 RU, standard 19-inch rack-mountable
Power
Rated input voltage: 100 to 127 VAC; 200 to 240 VAC
Rated input frequency: 50 to 60 Hz
Rated input power: 1161W @ 100 VAC; 1598W @ 200 VAC
Rated input current: 12A (100 VAC); 8A (200 VAC)
Maximum heat dissipation: 3960 BTU/hr (100 VAC); 5450 BTU/hr (200 VAC)
Power supply output: 910 W (low line); 1300 W (high line)
Environment
Temperature, operating (note 2): 50 to 95°F (10 to 35°C)
Temperature, nonoperating: -40°F to 158°F (-40°C to 70°C)
Maximum wet bulb temperature: 82.4°F (28°C)
Relative humidity (noncondensing), operating: 10% to 90%
Relative humidity (noncondensing), nonoperating: 5% to 95%
Altitude, operating: 0 to 6500 ft (2000 m)
Altitude, nonoperating: 0 to 30,000 ft (9144 m)
Shock, operating: Half-sine 2 G, 11 ms pulse, 100 pulses
Shock, nonoperating: 25 G, 170 inches/sec delta V
Vibration: 2.2 Grms, 10 minutes per axis on all three axes
1. With full card installation and two power supplies.
2. At sea level with an altitude derating of 1.8°F per every 1000 ft (1.0°C per every 3.0m) above sea level to a maximum of 10,000 ft (3050 m). No direct sustained sunlight.
In a failover configuration, the two units must have the same hardware configuration. They must be the same model, have the same number and types of interfaces, and the same amount of DRAM.
Note The two units do not have to have the same size flash memory. If using units with different flash memory sizes in your failover configuration, make sure the unit with the smaller flash memory has enough space to accommodate the software image files and the configuration files. If it does not, configuration synchronization from the unit with the larger flash memory to the unit with the smaller flash memory will fail.
Chapter 2 Safety and Site Requirements
Safety Recommendations
General Site Requirements
Safety Recommendations
Use the following guidelines and the information in the following sections to help ensure your safety and protect the ASA. The list of guidelines may not address all potentially hazardous situations in your working environment, so be alert and exercise good judgement at all times.
Note If you need to remove the chassis cover to install a hardware component, such as additional memory or an interface card, doing so does not affect your Cisco warranty. Upgrading the ASA does not require any special tools and does not create any radio frequency leaks.
The safety guidelines are as follows:
Keep the chassis area clear and dust-free before, during and after installation.
Keep tools away from walk areas where you and others could fall over them.
Do not wear loose clothing or jewelry, such as earrings, bracelets, or chains, that could get caught in the chassis.
Wear safety glasses if you are working under any conditions that might be hazardous to your eyes.
Do not perform any action that creates a potential hazard to people or makes the equipment unsafe.
Never attempt to lift an object that is too heavy for one person to handle.
This section includes the following topics:
Maintaining Safety with Electricity
Preventing Electrostatic Discharge Damage
Maintaining Safety with Electricity
Warning Before working on a chassis or working near power supplies, unplug the power cord on AC units. Statement 246
Follow these guidelines when working on equipment powered by electricity:
Before beginning procedures that require access to the interior of the chassis, locate the emergency power-off switch for the room in which you are working. Then, if an electrical accident occurs, you can act quickly to turn off the power.
Do not work alone if potentially hazardous conditions exist anywhere in your work space.
Never assume that power is disconnected from a circuit; always check the circuit.
Look carefully for possible hazards in your work area, such as moist floors, ungrounded power extension cables, frayed power cords, and missing safety grounds.
If an electrical accident occurs, proceed as follows:
  Use caution; do not become a victim yourself.
  Disconnect power from the system.
  If possible, send another person to get medical aid. Otherwise, assess the condition of the victim and then call for help.
  Determine if the person needs rescue breathing or external cardiac compressions; then take appropriate action.
Use the ASA chassis within its marked electrical ratings and product usage instructions.
Install the ASA in compliance with local and national electrical codes as listed in the Regulatory Compliance and Safety Information for the Cisco ASA 5580 document.
ASA models equipped with AC-input power supplies are shipped with a 3-wire electrical cord with a grounding-type plug that fits only a grounding-type power outlet. Do not circumvent this safety feature. Equipment grounding should comply with local and national electrical codes.
Preventing Electrostatic Discharge Damage
Electrostatic discharge (ESD) can damage equipment and impair electrical circuitry. ESD damage occurs when electronic components are improperly handled and can result in complete or intermittent failures.
Always follow ESD-prevention procedures when removing and replacing components. Ensure that the chassis is electrically connected to earth ground. Wear an ESD-preventive wrist strap, ensuring that it makes good skin contact. Connect the grounding clip to an unpainted surface of the chassis frame to safely ground ESD voltages. To properly guard against ESD damage and shocks, the wrist strap and cord must operate effectively. If no wrist strap is available, ground yourself by touching the metal part of the chassis.
For safety, periodically check the resistance value of the antistatic strap, which should be between 1 and 10 megohms (Mohms).
General Site Requirements
The topics in this section describe the requirements your site must meet for safe installation and operation of your system. Ensure that your site is properly prepared before beginning installation.
This section includes the following topics:
Site Environment
Preventive Site Configuration
Power Supply Considerations
Configuring Equipment Racks
Site Environment
Place the chassis on a desktop or mount it on a rack. The location of the chassis and the layout of the equipment rack or wiring room are extremely important for proper system operation. Equipment placed too close together, inadequate ventilation, and inaccessible panels can cause system malfunctions and shutdowns, and can make the chassis maintenance difficult.
When planning the site layout and equipment locations, keep in mind the precautions described in the next section “Preventive Site Configuration, page 2-3,” to help avoid equipment failures and reduce the possibility of environmentally caused shutdowns. If you are currently experiencing shutdowns or unusually high error rates with your existing equipment, these precautions may help you isolate the cause of failures and prevent future problems.
Preventive Site Configuration
The following precautions will help plan an acceptable operating environment for the chassis and avoid environmentally caused equipment failures:
Electrical equipment generates heat. Ambient air temperature might not be adequate to cool equipment to acceptable operating temperatures without adequate circulation. Ensure that the room in which you operate your system has adequate air circulation.
Always follow the ESD-prevention procedures described previously to avoid damage to equipment. Damage from static discharge can cause immediate or intermittent equipment failure.
Ensure that the chassis top panel is secure. The chassis is designed to allow cooling air to flow effectively within it. An open chassis allows air leaks, which may interrupt and redirect the flow of cooling air from the internal components.
Power Supply Considerations
For information on power supply considerations, including environmental operating ranges and power requirements, see Table 8 at the following URL:
http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/product_data_sheet0900aecd802930c5.html
The ASA can have an AC power supply.
Observe the following considerations:
Check the power at the site before installing the chassis to ensure that the power is “clean” (free of spikes and noise). Install a power conditioner if necessary, to ensure proper voltages and power levels in the source voltage.
Install proper grounding for the site to avoid damage from lightning and power surges.
In a chassis equipped with an AC-input power supply, use the following guidelines:
  The chassis does not have a user-selectable operating range. Refer to the label on the chassis for the correct AC-input power requirement.
  Several styles of AC-input power supply cords are available; make sure you have the correct style for your site.
  Install an uninterruptible power source for your site, if possible.
  Install proper site grounding facilities to guard against damage from lightning or power surges.
Configuring Equipment Racks
The following tips help you plan an acceptable equipment rack configuration:
Enclosed racks must have adequate ventilation. Ensure that the rack is not overly congested, because each chassis generates heat. An enclosed rack should have louvered sides and a fan to provide cooling air.
When mounting a chassis in an open rack, ensure that the rack frame does not block the intake or exhaust ports. If the chassis is installed on slides, check the position of the chassis when it is seated all the way into the rack.
In an enclosed rack with a ventilation fan in the top, excessive heat generated by equipment near the bottom of the rack can be drawn upward and into the intake ports of the equipment above it in the rack. Ensure that you provide adequate ventilation for equipment at the bottom of the rack.
Baffles can help to isolate exhaust air from intake air, which also helps to draw cooling air through the chassis. The best placement of the baffles depends on the airflow patterns in the rack. Experiment with different arrangements to position the baffles effectively.
Chapter 3 Installing the ASA 5580
Rack-Mounting the Chassis
Connecting Interface Cables
Installing the FIPS Enclosure
Rack-Mounting the Chassis
This section describes how to rack-mount and install the ASA 5580.
Warning To prevent bodily injury when mounting or servicing this unit in a rack, you must take special precautions to ensure that the system remains stable. The following guidelines are provided to ensure your safety.
Warning Before performing any of the following procedures, ensure that the power source is off (AC or DC). To ensure that power is removed from the DC circuit, locate the circuit breaker on the panel board that services the DC circuit, switch the circuit breaker to the OFF position, and tape the switch handle of the circuit breaker in the OFF position.
The following information can help plan equipment rack installation:
Allow clearance around the rack for maintenance.
When mounting a device in an enclosed rack, ensure adequate ventilation. An enclosed rack should never be overcrowded.
When mounting a device in an open rack, make sure that the rack frame does not block the intake or exhaust ports.
If the rack contains only one unit, mount the unit at the bottom of the rack.
If the rack is partially filled, load the rack from the bottom to the top, with the heaviest component at the bottom of the rack.
If the rack contains stabilizing devices, install the stabilizers prior to mounting or servicing the unit in the rack.
Make sure that the rack is not congested, because each unit generates heat.
Warning To prevent bodily injury when mounting or servicing this unit in a rack, you must take special precautions to ensure that the system remains stable. The following guidelines are provided to ensure your safety: This unit should be mounted at the bottom of the rack if it is the only unit in the rack. When mounting this unit in a partially filled rack, load the rack from the bottom to the top with the heaviest component at the bottom of the rack. If the rack is provided with stabilizing devices, install the stabilizers before mounting or servicing the unit in the rack. Statement 1006
This procedure requires two or more people to position the ASA 5580 on the slide assemblies before pushing it into the rack.
To install the ASA 5580 in the rack, perform the following steps:
Step 1 Attach the chassis side rail to the ASA 5580 by aligning the chassis rail to the stud on the ASA 5580, pressing the chassis side rail into the stud, and then sliding the chassis side rail backwards until you hear the latch catch, as shown in Figure 3-1.
Figure 3-1 Chassis Side Rail Attachment
Note The tapered end of the chassis side rail should be at the back of the ASA 5580. The chassis side rail is held in place by the inner latch.
Step 2 Repeat Step 1 for each chassis side rail.
Step 3 To remove the chassis side rail, lift the latch, and slide the rail forward, as shown in Figure 3-2.
Figure 3-2 Removal from the Chassis Side Rail
Step 4 If you are installing the ASA 5580 in a shallow rack, one that is less than 28.5 in. (72.39 cm), remove the screw from the inside of the slide assembly before continuing with Step 5, as shown in Figure 3-3.
Figure 3-3 Screw Inside the Slide Assembly
Step 5 Attach the slide assemblies to the rack, as shown in Figure 3-4.
For round- and square-hole racks:
a. Line up the studs on the slide assembly with the holes on the inside of the rack and snap into place.
b. Adjust the slide assembly lengthwise to fit the rack. The spring latch locks the slide assembly into position.
c. Repeat for each slide assembly. Make sure the slide assemblies line up with each other in the rack.
d. Lift the spring latch to release the slide assembly if you need to reposition it.
Figure 3-4 Slide Assembly Attachment
For threaded-hole racks:
a. Remove the eight round- or square-hole studs on each slide assembly using a standard screwdriver, as shown in Figure 3-5.
Note You may need a pair of pliers to hold the retaining nut.
Figure 3-5 Attachment in Threaded Hole Racks
b. Line up the bracket on the slide assembly with the rack holes, install two screws (top and bottom) on each end of the slide assembly, as shown in Figure 3-6.
Figure 3-6 Lining up the Bracket
c. Repeat for each slide assembly.
Step 6 Extend the slide assemblies out of the rack, as shown in Figure 3-7.
Figure 3-7 Slide Assemblies Extended
Step 7 Align the chassis side rails on the ASA 5580 with the slide assembly on both sides of the rack, release the blue slide tab (by either pulling the tab forward or pushing the tab back), and carefully push the ASA 5580 into place, as shown in Figure 3-8.
Warning When installing an ASA 5580 in an empty rack, you must support the ASA 5580 from the front until the blue slide tabs are activated and the ASA 5580 is pushed completely into the rack, or the rack can tip.
Figure 3-8 Alignment of the Chassis Side Rails
Caution Keep the ASA 5580 parallel to the floor as you slide it into the rails. Tilting the ASA 5580 up or down can damage the slide rails.
Connecting Interface Cables
This section describes how to connect the appropriate cables to the Console, Management, copper Ethernet, and fiber Ethernet ports.
To connect cables to the network interfaces, perform the following steps:
Step 1 Place the chassis on a flat, stable surface, or in a rack (if you are rack-mounting it).
Step 2 Connect to the Management port.
The ASA 5580 has a dedicated interface for device management that is referred to as the Management 0/0 port. The management ports (Management 0/0 port and Management 0/1) are Gigabit Ethernet interfaces. The management ports are similar to the Console port, but they only accept traffic that is destined to-the-box (versus traffic that is through-the-box). Management 0/0 (MGMT0/0) is the default command and control port.
Note You can configure any interface to be a management-only interface using the management-only command. You can also disable management-only configuration mode on the management interface. For more information about this command, see the management-only command in the command reference.
a. Locate an Ethernet cable, which has an RJ-45 connector on each end.
b. Connect one RJ-45 connector to the Management 0/0 port, as shown in Figure 3-9.
c. Connect the other end of the Ethernet cable to the Ethernet port on your computer or to your management network.
Figure 3-9 Connecting to the Management Port
Caution Management and console ports are privileged administrative ports. Connecting them to an untrusted network can create security concerns.
Step 3 Connect to the Console port. Use the Console port to connect to a computer to enter configuration commands.
a. Before connecting a computer or terminal to any ports, check to determine the baud rate of the serial port. The baud rate of the computer or terminal must match the default baud rate (9600 baud) of the Console port of the ASA 5580.
Set up the terminal as follows: 9600 baud (default), 8 data bits, no parity, 1 stop bit, and Flow Control (FC) = Hardware.
b. Connect the RJ-45 to a DB-9 adapter connector to the Console port and connect the other end to the DB-9 connector on your computer, as shown in Figure 3-10.
Figure 3-10 Connection of the RJ-45 to a DB-9 Adapter
Note You can use a 180/rollover or straight-through patch cable to connect the ASA to a port on a terminal server with RJ-45 or hydra cable assembly connections. Connect the appropriate cable from the Console port on the ASA to a port on the terminal server.
Step 4 Connect to copper and fiber Ethernet ports to be used for network connections. Copper and fiber Ethernet ports are available in slots 3 through 8.
By default, the ASA 5580 ships with slot 3 through slot 8 available. You can purchase bundles for the I/O adapter options. See the “Network Interfaces” section on page 1-10 for more information.
a. Connect one end of an Ethernet cable to an Ethernet port in slots 3 through 8, as shown in Figure 3-11.
b. Connect the other end of the Ethernet cables to a network device, such as a router or switch.
Figure 3-11 Copper Ethernet or a Fiber Ethernet Interface
Step 5 Install the electrical cables at the back of the ASA. Attach the power cables and plug them into a power source (we recommend a UPS), as shown in Figure 3-12.
Figure 3-12 Electrical Cable Installation
Step 6 Power on the chassis.
Installing the FIPS Enclosure
This section describes how to install the FIPS enclosure and apply the tamper evident labels, and includes the following topics:
Before You Begin
Overview
Installing the FIPS Enclosure
Applying Tamper Evident Labels
Before You Begin
The FIPS enclosures may cover the serial number on the chassis. You will need the serial number for calls made to Cisco Technical Support. Before you install the FIPS enclosures, copy the serial number on a label and stick it on the chassis where it can be retrieved or viewed easily.
Overview
Figure 13 shows the front shield assembly of the FIPS enclosure for the ASA 5580.
Figure 13 Front Shield Assembly
1 Self-adhesive tape with liner
Figure 14 shows the rear shield assembly of the FIPS enclosure for the ASA 5580.
Figure 14 Rear Shield Assembly
1 Notched for cables on both sides
2 Screws
Installing the FIPS Enclosure
This section describes the installation procedure for the front and rear shield assemblies, and includes the following topics:
Installing the Front Shield Assembly
Installing the Rear Shield Assembly
Note The maximum operating temperature for the Cisco ASA 5580 with the shields installed should be 32°C.
Installing the Front Shield Assembly
To install the front shield assembly, you must first pull out the processor module from the chassis. To pull out the processor module, perform the following steps:
Step 1 Power off the ASA.
Step 2 Copy the ASA 5580 serial number on a label and stick it on the chassis where it can be retrieved easily for future use, if needed. For more information, see the Before You Begin section.
Step 3 Release the latches on the lever. See Figure 15.
Step 4 Lower the handle, and pull the module out of the ASA until the release latches catch.
Figure 15 Releasing the Latch and Lowering the Handle
Step 5 Remove the five screws from the top and four screws on the sides of the front shield assembly. Keep the screws in a secure place for later use.
The front shield assembly consists of a front surround panel that has double-sided tape, and a front panel. See Figure 16.
Figure 16 Front Surround Panel and the Front Panel
Step 6 Clean the chassis of any grease, dirt or oil with alcohol where the self-adhesive tape will stick on the chassis.
Step 7 Place the front surround panel over the front of the module so that the roller balls on the top of the module are visible through the matching openings on the surround panel. See Figure 17.
Figure 17 Placement of the Front Surround Panel on the Module
1 Roller balls
Step 8 Remove the tape backing from the self-adhesive tape.
Step 9 Press down the self-adhesive tape to make sure the front surround panel is firmly stuck to the chassis.
Step 10 Push the module back into the chassis and use the handle to lock the module into place. See Figure 18.
Figure 18 Locking the Module into Place
Step 11 Install the front panel inside the front surround panel and secure it with the nine screws you removed in Step 5. See Figure 19.
Figure 19 Installing the Front Panel to the Front Surround Panel
Installing the Rear Shield Assembly
To install the rear shield assembly, perform the following steps:
Step 1 Position the rear shield assembly on the rear of the chassis and align the rear shield panel holes with the holes on the rear of the chassis.
Step 2 Secure the shield into place using the screws provided in the kit. See Figure 20.
Figure 20 Install the Rear Shield on the Rear of the Chassis
Step 3 Connect the power source and power on the chassis.
Applying Tamper Evident Labels
You must apply 16 tamper evident labels. Clean the chassis of any grease, dirt, or oil before applying the tamper evident labels. Alcohol-based cleaning pads are recommended for this purpose.
Step 1 Apply seven tamper evident labels to the front of the chassis as shown in Figure 21.
Figure 21 ASA 5580 Tamper Evident Label Placement
Step 2 Apply six tamper evident labels to the back of the chassis as shown in Figure 22.
Figure 22 ASA 5580 Tamper Evident Label Placement
Step 3 Apply two tamper evident labels to the left of the chassis as shown in Figure 23.
Figure 23 ASA 5580 Tamper Evident Label Placement
Step 4 Apply one tamper evident label to the right of the chassis as shown in Figure 24.
Figure 24 ASA 5580 Tamper Evident Label Placement
Chapter 4 Maintenance and Upgrade Procedures
This chapter describes maintenance and upgrade procedures. This chapter includes the following sections:
Removing and Replacing the Chassis Cover
Accessing the Diagnostic Panel
Removing and Installing the Interface Cards
Removing and Installing the Power Supply
Removing and Installing Fans
Upgrading the ASA 5580-20 to an ASA 5580-40
Troubleshooting Loose Connections
Caution The BIOS on the ASA chassis is specific to the ASA and must only be upgraded under instructions from Cisco with BIOS files obtained from the Cisco website. Installing a non-Cisco or third-party BIOS on the ASA voids the warranty.
Removing and Replacing the Chassis Cover
This section describes how to remove and replace the chassis cover from the ASA. This section includes the following topics:
Removing the Chassis Cover
Replacing the Chassis Cover
Warning Before working on a system that has an On/Off switch, turn OFF the power and unplug the power cord. Statement 1
Warning This product relies on the building’s installation for short-circuit (overcurrent) protection. Ensure that the protective device is rated not greater than 120 VAC, 20 A U.S. (240 VAC, 16-20 A International). Statement 1005
Warning This equipment must be grounded. Never defeat the ground conductor or operate the equipment in the absence of a suitably installed ground conductor. Contact the appropriate electrical inspection authority or an electrician if you are uncertain that suitable grounding is available. Statement 1024
Warning Blank faceplates and cover panels serve three important functions: they prevent exposure to hazardous voltages and currents inside the chassis; they contain electromagnetic interference (EMI) that might disrupt other equipment; and they direct the flow of cooling air through the chassis. Do not operate the system unless all cards, faceplates, front covers, and rear covers are in place. Statement 1029
Caution Follow proper safety procedures when removing and replacing the chassis cover by reading the safety warnings in Regulatory Compliance and Safety Information for the Cisco ASA 5580.
Caution Do not operate the ASA for long periods with the chassis cover open or removed. Operating it in this manner results in improper airflow and improper cooling that can lead to thermal damage.
Removing the Chassis Cover
To remove the chassis cover, perform the following steps:
Note Removing the chassis cover does not affect Cisco warranty. Upgrading the ASA does not require any special tools and does not create any radio frequency leaks.
Step 1 Read the Regulatory Compliance and Safety Information for the Cisco ASA 5580 document.
Step 2 Extend the ASA out of the rack if it is rack-mounted.
If the locking latch is locked, use the T-15 Torx screwdriver located on the back of the chassis to unlock it. For the location of the T-15 Torx screwdriver, see Figure 1-2 on page 1-5. Turn the locking screw a quarter of a turn counterclockwise to unlock it, see Figure 4-1.
Caution Do not operate the ASA without the chassis cover installed. The chassis cover protects the internal
components, prevents electrical shorts, and provides proper air flow for cooling the electronic components.
Step 3 Lift up the cover latch on the top of the chassis, see Figure 4-1.
Figure 4-1 Unlocking and Lifting the Latch
Step 4 Slide the chassis cover back and up to remove it, see Figure 4-2.
Figure 4-2 Sliding the Chassis Cover
Replacing the Chassis Cover
To replace the chassis cover, perform the following steps:
Step 1 Position the cover on top of the chassis and slide it on. Push down on the cover latch to lock it into place.
Note Make sure the chassis cover is securely locked into place before powering on the ASA.
Step 2 Reinstall the ASA in a rack, on a desktop, or on a table, or extend it back into the rack.
Accessing the Diagnostic Panel
Note When you remove the chassis cover to view the Diagnostic Panel, leave the ASA powered on. Powering
off the ASA clears the Diagnostic Panel indicators.
To access the Diagnostic Panel, perform the following steps:
Step 1 Extend the ASA from the rack.
Step 2 Remove the chassis cover.
For more information, see Removing the Chassis Cover, page 4-2.
Step 3 Locate the Diagnostic Panel (see Figure 1-5 on page 1-9).
For information on what internal health information each indicator displays, see the “Figure 1-5 Diagnostic Panel” section on page 1-9. Follow the instructions in this chapter to remove and install failed components. For aid in troubleshooting, use the internal health indicators information when contacting TAC.
Removing and Installing the Interface Cards
The ASA 5580 has nine expansion card slots. For detailed information about network interfaces and available cards, see the
“Network Interfaces” section on page 1-10.
This section includes the following topics:
Removing the Interface Cards, page 4-5
Installing an Interface Card, page 4-6
Caution To prevent damage to the ASA 5580 or the expansion cards, power down the ASA 5580 and remove all
AC power cables before removing or installing expansion cards.
Removing the Interface Cards
To remove the interface cards, perform the following steps:
Step 1 Power off the ASA.
Step 2 Remove the power cables from the ASA.
Step 3 If rack-mounted, extend the ASA from the rack.
Step 4 Make sure the ASA is in an ESD-controlled environment.
For more information, see the “Preventing Electrostatic Discharge Damage” section on page 2-2.
Step 5 Remove the chassis cover.
For more information, see the “Removing the Chassis Cover” section on page 4-2.
Step 6 To unlock the expansion card slot, push down on the center part of the blue tab and open the latch, see
Figure 4-3.
Step 7 To install a card, position the card over the socket, and gently push the card down, see Figure 4-3.
Figure 4-3 Unlocking the Expansion Card Slot and Installing the Card
Installing an Interface Card
To install the interface cards, perform the following steps:
Step 1 To install a card, position the card so that its connector lines up over the socket on the motherboard and push the card down into the socket. Press down on the outer edge of the blue tab to lock the card into place.
Note To remove the expansion cards, unlock the retaining clip. To install the expansion cards, lock the
retaining clip.
Step 2 Replace the chassis cover.
For more information, see the “Replacing the Chassis Cover” section on page 4-4.
Step 3 Slide the server back into the rack by pressing the server rail-release handles.
Step 4 Reconnect the power cables to the Cisco ASA 5580 series adaptive security appliance.
Step 5 Power on the Cisco ASA 5580 series adaptive security appliance.
Removing and Installing the Power Supply
For information on power supply considerations, including environmental operating ranges and power requirements, see Table 8 at the following URL:
http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/product_data_sheet0900aecd802930c5.html
Note Make sure the two power supplies are powered by separate AC power sources so that the ASA is always
available.
This section describes how to remove and install the power supply in the ASA. This section includes the following topics:
Removing and Installing the Power Supply, page 4-6
Installing the Power Supply, page 4-9
Removing the Power Supply
The power supplies are hot-pluggable. If you are replacing a redundant power supply, you can replace it while the ASA is running. If only one power supply is installed, do not remove the power supply unless the ASA has been powered off. Removing the only operational power supply causes an immediate power loss.
To remove the power supply, perform the following steps:
Note The following steps apply only if you have one active functioning power supply.
Step 1 Power off the ASA.
Step 2 Remove the power cable from the ASA.
Step 3 Use the T-15 Torx screwdriver that shipped with the ASA to remove the shipping screw, see Figure 4-4.
For location of the T-15 Torx screwdriver, see Figure 1-2 on page 1-5.
Step 4 Press the latch, and pull the power supply handle out, see Figure 4-4.
Figure 4-4 Removing the Screw
Step 5 Remove the power supply by pulling it away from the chassis, see Figure 4-5.
Figure 4-5 Pulling the Power Supply Handle
Installing the Power Supply
To install the power supply in the ASA, perform the following steps:
Step 1 Align and push the power supply into place, see Figure 4-6.
Figure 4-6 Pushing the Power Supply
Step 2 Lock the power supply handle, see Figure 4-7.
Figure 4-7 Locking the Power Supply Handle
Step 3 Use the T-15 Torx screwdriver to screw the power supply back into place.
Step 4 Reconnect the power cable.
Be sure that the power supply indicator and the front panel health indicators are green.
Step 5 Power on the ASA.
Removing and Installing Fans
There are six fans in the Cisco ASA 5580 series adaptive security appliance. For the fan locations, see
Figure 1-4 on page 1-8. The Cisco ASA 5580 series adaptive security appliance supports redundant
hot-pluggable fans in a 5 + 1 configuration to provide proper airflow. This section describes how to install and remove the fans in the Cisco ASA 5580 series adaptive security appliance. This section includes the following topics:
Removing the Fan, page 4-11
Installing the Fan, page 4-12
Figure 4-8 shows the fan, its connector, and its indicator.
Figure 4-8 Fan, Connector, and Indicator
The fan indicators provide the following information:
Green—Operating normally
Amber—Failed
Off—No power
Removing the Fan
To remove fans in the ASA, perform the following steps:
Step 1 Extend the chassis from the rack.
Step 2 Remove the chassis cover. For more information, see Removing the Chassis Cover, page 4-2.
Step 3 Identify the failed fan by locating an amber indicator on top of the failed fan or a lighted FAN X indicator
on the Diagnostic Panel.
For more information about the Diagnostic Panel, see Figure 1-5 on page 1-9.
Step 4 To remove the fan, grasp the red plastic handle and pull the handle up, see Figure 4-9.
Note Remove and replace one fan at a time.
Figure 4-9 Removing the Fan
Installing the Fan
To install fans in the ASA, perform the following steps:
Step 1 To install a new fan, position the fan over the slot so that the connector below the fan indicator lines up with the connection on the motherboard (for the location of the connector, see Figure 4-8).
Step 2 Push down until the fan clicks into place.
Step 3 Check to make sure the indicator on each fan is green.
Note If the front panel internal system health indicator is not green after you install a fan, reseat the fan.
Step 4 Replace the chassis cover.
Step 5 Slide the ASA back into the rack by pressing the rail-release handles.
Upgrading the ASA 5580-20 to an ASA 5580-40
The ASA supports operation in a two- or four-processor configuration. The ASA 5580-20 includes two processors. To upgrade from the ASA 5580-20 to the ASA 5580-40, add the additional processors to the unit.
Prerequisites, page 4-13
Accessing the Processor Memory Module, page 4-13
Installing a Processor, page 4-15
Prerequisites
Always upgrade the license first before adding new processors. After upgrading the license, you
must reboot the chassis. If you fail to reboot or reboot without adding new processors after upgrading your license, the chassis will continue to operate as the ASA 5580-20.
Note When you purchase the appropriate user upgrade license, you will receive a Product
Activation Key (PAK) when the order is fulfilled. Per the enclosed instructions, you should visit
http://www.cisco.com/go/license, where you will be prompted to enter your contact
information and PAK number along with the serial number of your module. The software on the Content Security Edition module will be enabled for the new user count and/or Plus functionality automatically and transparently the next time it checks for updates.
The ASA power modules provide proper power to each processor. Each power module must be
installed in the slot adjacent to its processor.
Accessing the Processor Memory Module
The processors and the power modules are stored in a module at the front of the ASA. Access to this module is provided through the front panel, eliminating the need to remove the ASA from the rack to install or replace the processors.
To remove the processor module, perform the following steps:
Step 1 Power off the ASA.
Step 2 Release the latches on the lever, see Figure 4-10.
Step 3 Lower the handle, and pull the module out of the ASA until the release latches catch, see Figure 4-10.
Figure 4-10 Releasing the Latch and Lowering the Handle
Step 4 Firmly holding the module, press the release buttons and pull the module out of the ASA, see
Figure 4-11.
Figure 4-11 Release Button Location
1 Release buttons 2 Module
Step 5 Release the latch, and open the cover.
Step 6 Attach the grounding strap to a flat, unpainted surface on the inside of the ASA.
Installing a Processor
Caution To avoid damage to the ASA and system board, only authorized personnel should attempt to replace or
install the processor in this ASA.
Caution To prevent possible malfunction and damage to the equipment, multiple processors installed in the ASA
must have the same part number.
Caution Processor and processor power module sockets 1 and 2 must be populated at all times or the ASA will
not function properly.
Caution To help avoid damage to the processor and system board, use the processor installation tool to install the
new processor.
Caution Use caution when installing the processor memory module or removing the processor memory module;
when fully populated, it can weigh up to 30 pounds.
To install a processor, perform the following steps:
Step 1 Attach the grounding strap to a flat, unpainted surface on the inside of the chassis.
Step 2 Open the heatsink retaining bracket, see Figure 4-12.
Figure 4-12 Opening the Heatsink Bracket
Caution The pins on the processor socket are very fragile. Any damage to them may require replacing the system
board.
Step 3 Remove the processor socket protective cover, see Figure 4-13. Retain the cover for future use.
Figure 4-13 Removing the Processor Socket Protective Cover
Caution Failure to completely open the processor locking lever prevents the processor from seating during
installation, leading to hardware damage.
Step 4 Rotate the latch and open the retaining bracket, see Figure 4-14.
Figure 4-14 Rotating the Latch and Opening the Retaining Bracket
Caution Be sure the processor remains inside the processor installation tool.
Step 5 If the processor has separated from the installation tool, carefully reinsert the processor in the tool, see
Figure 4-15.
Figure 4-15 Reinsert the Processor in the Tool
Step 6 Align the processor installation tool with the socket and install the processor, see Figure 4-16.
Caution The processor is designed to fit one way into the socket. Use the alignment guides on the processor and
socket to properly align the processor with the socket.
Figure 4-16 Aligning and Installing the Processor
Step 7 Press down firmly until the processor installation tool clicks and separates from the processor, and then remove the processor installation tool, see Figure 4-17.
Figure 4-17 The Processor Installation Tool
Step 8 Close the processor retaining bracket and the processor retaining latch, see Figure 4-18.
Figure 4-18 Closing the Processor Retaining Bracket and Retaining Latch.
Step 9 Remove the heatsink cover.
Caution After the cover is removed, do not touch the thermal interface media.
Step 10 Install the heatsink. You must press hard to clamp it down, see Figure 4-19.
Figure 4-19 Installing the Heatsink
Step 11 Close the heatsink retaining bracket, see Figure 4-20.
Figure 4-20 Closing the Heatsink Retaining Bracket
Step 12 Install the processor power module. The processor power module is keyed and the key must be aligned when installed, see Figure 4-21.
Note Always install a processor power module when you install a processor. The system fails to boot
if the corresponding processor power module is missing.
Figure 4-21 Installing the Processor Power Module
Step 13 Install the memory module into the ASA. The four memory modules should be installed in slots 17I, 18I, 25M, and 26M, see Figure 4-22.
Note Memory locations before upgrading are 1A, 2A, 3B, 4B, 9E, 10E, 11F, 12F.
Figure 4-22 DIMM slot identification
Step 14 Close the processor memory module cover, see Figure 4-23.
Figure 4-23 Closing the Module Cover
Step 15 Install the fan by positioning the fan over the slot so that the connector below the fan indicator lines up
with the connection on the motherboard. Push down until the fan clicks into place.
Step 16 Power on the ASA.
Troubleshooting Loose Connections
Perform the following actions to troubleshoot loose connections on the ASA 5580 adaptive security appliance:
Make sure all power cords are securely connected.
Make sure all cables are properly aligned and securely connected for all external and internal
components.
Remove and check all data and power cables for damage. Make sure no cables have bent pins or
damaged connectors.
Make sure each device is properly seated.
If a device has latches, make sure they are completely closed and locked.
Check any interlock or interconnect indicators that indicate a component is not connected properly.
If problems continue, remove and reinstall each device, checking the connectors and sockets for bent pins or other damage.
APPENDIX A
Cable Pinouts
This appendix describes the pinouts for the ASA 5580 ports, and includes the following sections:
10/100/1000BaseT Ports, page A-1
Console Port (RJ-45), page A-2
Console RJ-45 to DB-9 Adapter, page A-3
SFP Fiber Ports, page A-4
10/100/1000BaseT Ports
The ASA supports 10/100/1000BaseT ports. You must use at least a Category 5 cable for 100/1000BaseT operations, but a Category 3 cable can be used for 10BaseT operations.
The 10/100/1000BaseT ports use standard RJ-45 connectors and support MDI and MDI-X connectors. See the “Auto-MDI/MDIX Feature” section on page 1-13.
Figure A-1 shows the 10BaseT and the 100BaseTX connector (RJ-45).
Figure A-1 10/100 Port Pinouts
Pin Label
1 RD+
2 RD-
3 TD+
4 NC
5 NC
6 TD-
7 NC
8 NC
Figure A-2 shows the 10BaseT, 100BaseTX, and 1000BASE-T connector (RJ-45).
Figure A-2 10/100/1000 Port Pinouts
Pin Label
1 TP0+
2 TP0-
3 TP1+
4 TP2+
5 TP2-
6 TP1-
7 TP3+
8 TP3-
Console Port (RJ-45)
Cisco products use the following types of RJ-45 cables:
Straight-through
Crossover
Note Cisco does not provide these cables; they are widely available from other sources.
Figure A-3 shows the RJ-45 cable.
Figure A-3 RJ-45 Cable
To identify the RJ-45 cable type, hold the two ends of the cable next to each other so that you can see the colored wires inside the ends, as shown in Figure A-4.
Figure A-4 RJ-45 Cable Identification
Examine the sequence of colored wires to determine the type of RJ-45 cable, as follows:
Straight-through—The colored wires are in the same sequence at both ends of the cable.
Crossover—The first (far left) colored wire at one end of the cable is the third colored wire at the
other end of the cable.
Table A-1 lists the rolled (console) cable pinouts for RJ-45.
Table A-1 RJ-45 Rolled (Console) Cable Pinouts
Signal Pin Pin Pin
- 1 8 -
- 2 7 -
- 3 6 -
- 4 5 -
- 5 4 -
- 6 3 -
- 7 2 -
- 8 1 -
Console RJ-45 to DB-9 Adapter
Table A-2 lists the cable pinouts for RJ-45 to DB-9 or DB-25.
Table A-2 Cable Pinouts for RJ-45 to DB-9 or DB-25
Signal RJ-45 Pin DB-9 Pin
RTS 8 8
DTR 7 6
TxD 6 2
GND 5 5
GND 4 5
RxD 3 3
DSR 2 4
CTS 1 7
SFP Fiber Ports
Note The fiber connections on the ASA support only multimode fiber with LC connectors. There is currently no support for single mode fiber or SC connectors. The fiber modules are also not replaceable.
Table A-3 lists the types of SFP modules and connectors used in the ASA.
Table A-3 Types of SFP Modules and Connectors
Port Compliance Connector Fiber Type
Gigabit Ethernet 1000BASE-SX SW MMF
1000BASE-LX LW SMF
Table A-4 lists the SFP port cabling specifications for the SFP modules and connectors used in the ASA.
Table A-4 SFP Port Cabling Specifications
Cisco Product Number    Wavelength (nanometer)    Core Size (micron)    Baud Rate    Cable Distance
GLC-SX-MM=              850                       62.5                  1.0625       300 m
GLC-SX-MM=              850                       50.0                  1.0625       500 m
GLC-LH-SM=              1300                      9.0                   1.0625       10 km