07-20-2022 06:05 AM
I am in the process of adding some new vlans to our network. I know on my switches I can add the new vlans to the port channels and not have an issue with the channel dropping. Is this the same for the Firepower firewalls? I am using two 1140s in HA managed by FMC. I don't have a way to test this without scheduling an outage, which I would prefer not to do if it isn't necessary. If the firewalls behave like the switches, I can add the new vlan to the port channel at each end without disrupting traffic. I would just like to verify that is the case.
07-20-2022 08:57 AM
Can you share a logical diagram of how the devices are connected? If your VLANs are using the FW as the default gateway point, you can add a new VLAN interface to the FW inside interface (or any interface where the network is terminating). If your firewall has a port channel and is using that as a gateway to the VLANs, you can add new VLAN interfaces to the port channel.
07-20-2022 09:37 AM
I know I can add the vlan to the port channel. That isn't the issue. I just want to make sure that when I add the new vlan it is not going to force the port channel to reconverge and I will lose traffic on that channel while it is doing it. I know I can do it on my switches but I haven't done it on my firewalls yet.
07-20-2022 07:49 PM
Hi, there is no reconvergence or port bouncing when adding a new VLAN interface to a firewall port channel. You can just add it.
07-21-2022 05:52 AM
Thanks. That is what I thought but I have no way to test to make sure.