topic Re: Diagnostic interface on FTD 2110 in Network Security

Diagnostic interface on FTD 2110

tebogo.pholo1 — Mon, 08 Jun 2020 22:43:07 GMT

Getting error when trying to configure Diagnostic interface on the same subnet as management interface. i have a management switch as the gateway and FMC/SSH can get to the FTD via management ip without any issue. I need diagnostic interface for SNMP

Not sure where the issue could be

FMC >> ip address x.x.x.x x.x.x.x
hostname1 >> error : ERROR: Address is in use by routing instance of different network type
Config Error -- ip address x.x.x.x x.x.x.x

Other logs

Lina configuration application failure log:
Rollback skipped as Lina and SNORT are in sync
write mem executed as Lina and SNORT are in sync

Re: Diagnostic interface on FTD 2110

Marvin Rhoads — Tue, 09 Jun 2020 03:06:08 GMT

I'm not sure where the output you provided comes from. I'm not familiar with the "FMC>>" prompt.

Is your current management interface in the same subnet as a data interface? If it is, that has to change to add a configuration for the diagnostic interface.

Re: Diagnostic interface on FTD 2110

tebogo.pholo1 — Tue, 09 Jun 2020 06:41:44 GMT

Hello, my current management interface and data interface are in different subnet. i am trying to add diagnostic interface in the same subnet is management which clearly is giving me an error.

Re: Diagnostic interface on FTD 2110

Marvin Rhoads — Tue, 09 Jun 2020 12:12:12 GMT

Please share the output of "show network" from the FTD cli and well as a screen shot of the interface configuration you are trying to deploy from FMC.

Here is a working example:

> show network
===============[ System Information ]===============
Hostname                  : ftdv-2.ccielab.mrneteng.com
Domains                   : ccielab.mrneteng.com
DNS Servers               : 172.31.1.8
Management port           : 8305
IPv4 Default route
  Gateway                 : 172.31.4.1
  Netmask                 : 0.0.0.0


======================[ eth0 ]======================
State                     : Enabled
Link                      : Up
Channels                  : Management & Events
Mode                      : Non-Autonegotiation 
MDI/MDIX                  : Auto/MDIX 
MTU                       : 1500
MAC Address               : 00:0C:29:F7:15:A8
----------------------[ IPv4 ]----------------------
Configuration             : Manual
Address                   : 172.31.4.5
Netmask                   : 255.255.255.0
Gateway                   : 172.31.4.1
----------------------[ IPv6 ]----------------------
Configuration             : Disabled

===============[ Proxy Information ]================
State                     : Disabled
Authentication            : Disabled

>

Re: Diagnostic interface on FTD 2110

tebogo.pholo1 — Tue, 09 Jun 2020 19:31:45 GMT

attached but I could not fully reveal details of IP addresses. please let me know if these does help.

Just to make you aware. standalone FTD at one of our side did not give me issue when configuring diagnostic interface on the same subnet as the management interface. The one that is giving errors is in HA pair.

Re: Diagnostic interface on FTD 2110

Marvin Rhoads — Thu, 11 Jun 2020 12:06:56 GMT

I just verified on one of my deployments that has 2100 series (2140 in this case) running 6.4.0.7. The change to configure the previously unaddressed diagnostic interface in the same subnet as management worked fine.

Perhaps you should open a TAC case for more in depth troubleshooting.

Re: Diagnostic interface on FTD 2110

tebogo.pholo1 — Thu, 11 Jun 2020 13:28:12 GMT

Thanks @Marvin Rhoads , already raised a case with Cisco TAC. Will feedback when i get a response from TAC

Re: Diagnostic interface on FTD 2110

tebogo.pholo1 — Wed, 17 Jun 2020 19:21:06 GMT

The issue is basically caused by dynamic routing, in my case i need to remove bgp configurations, setup the ip address of diagnostic interface and reconfigure the bgp. Below link has more details

https://finkotek.com/cisco-asa-error-address-is-in-use-by-routing-instance-of-different-network-type/