- August
Posted By : Gom Jabbar
Cisco ASA firewall link and speed indicator LEDs

This weekend, I configured an ASA 5510 firewall. Plugged it in to the network and started testing. When I looked at the rear of the firewall, this is what I saw:

Rear panel of ASA 5510
Rear panel of ASA 5510

Here is a close-up of the ports:

Close-up of interfaces at the rear of ASA
Close-up of interfaces at the rear of ASA

Notice the speed indicator for the third port from the left. It is amber-colored. In the color-coded world of network appliances, what does amber mean?  This is the international sign for collisions, right? There must be some speed or duplex setting that is not playing nice with the other children, right? Wrong.

According to the Cisco ASA 5500 Series Getting Started Guide, 8.2, the amber light denotes a link speed of 1000 Mbps. (Green is  100 Mbps and no light is 10 Mbps.) And indeed, that port on the ASA was set to auto/auto, but it was plugged into an auto-1000 port on the next hop router. When the router port was set to 100 Mbps, the speed indicator light on the ASA turned green. When set to 10 Mbps, the light turned off.

The 5580s have something similar.

Counter-intuitive! Flashing orange always equates to danger (like, a train crossing) in my mind.