Symptom

The mac filter table is incomplete on the Firepower 2100 series platforms. firepower-2130# connect local-mgmt firepower-2130(local-mgmt)# show portmanager switch mac-filters For each port, there should be a corresponding interface MAC entry. In case of transparent mode ASA/FTD, there should be a promiscuous entry to allow traffic for all MAC.

Conditions

This specific issue was observed after configuration sync. The following logs are seen in asa-appagent.log: Jan 12 05:49:54.739 WARN : [appAgent_hb_sender_thread] : [application_agent_msgHandler.c:6593] : AppAgent Not Registered with MIO.Cannot send heartbeat update Jan 12 05:49:55.759 WARN : [appAgent_hb_sender_thread] : [application_agent_msgHandler.c:6593] : AppAgent Not Registered with MIO.Cannot send heartbeat update Jan 12 05:50:02.339 WARN : [appAgent_hb_sender_thread] : [application_agent_msgHandler.c:6593] : AppAgent Not Registered with MIO.Cannot send heartbeat update Following errors are observed during nic_mode message updates: Jan 12 05:49:49.629 ERROR : [fover_parse] : [application_agent_interface_commands.c:4870] : AppAgent is not online. Cannot send nic mac filtering message Jan 12 05:49:49.629 ERROR : [fover_parse] : [application_agent_interface_commands.c:4551] : AppAgent is not online. Cannot send nic mode Message Jan 12 05:49:49.649 ERROR : [fover_parse] : [application_agent_interface_commands.c:4870] : AppAgent is not online. Cannot send nic mac filtering message Jan 12 05:49:49.649 ERROR : [fover_parse] : [application_agent_interface_commands.c:4870] : AppAgent is not online. Cannot send nic mac filtering message

Workaround

Increase the heartbeat interval to 6000 and retry-interval to 10: app-agent heartbeat interval 6000 retry-count 10 This will not cause any adverse impact on the ASA or FTD.

Further Problem Description