Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
628
Views
0
Helpful
2
Replies

Anyone enjoy Firepower 1010s absolutely NOT being able to trunk?

Go to solution
steeda
Level 1
Level 1

‎09-01-2023 09:33 PM

6.6 to 7.3 - all in between - never EVER reliable.

Ports 7 and 8 - an AP on each = trunked

1 will work, 1 won't. 2 will work... power outage - 1 will work, 1 won't - but reversed this time. Can SSH to AP - it can't ping FTD. Reboot - now that one CAN ping FTD, other one previously working now cannot. FTD passes NO TRAFFIC from either port 7 or 8, trunked to APs. Totally random, total disaster. 

Effing LOL that it's 2023 and FTD still doesn't work on 1010. 

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
steeda
Level 1
Level 1

‎09-15-2023 10:39 AM

Solved this. Well - work around.

You must absolutely not have APs plugged into the device when it boots if they're trunked. Boot firewall, wait for it to COMPLETELY initialize, then plug APs in. If not - the 1010 will never respond to ARPs on the trunk interfaces. A reboot will randomly work and randomly fail the trunks. Of note:

1. Once they get into this state, unplugging the APs and replugging ( cold boot of APs ) does not fix the issue. The 1010 will always only allow 1 of the 2 PoE ports the trunked APs are on to work. Random which one works each time. 

2. Soft reboot from GUI of 1010 will not fix the issue.

3. Soft reboot from CLI of APs will not fix the issue.

*only* a full power off reboot of the 1010, with PoE ports empty, will fix the issue. APs plugged in after COMPLETE boot of 1010 - works. This has persisted from 6.7 all the way to the current version. 

View solution in original post

0 Helpful
2 Replies 2

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎09-02-2023 01:52 AM

Looks you have many problems - i am sure there may be some problems all the products and the kind of problem you mentioned here not sounds like the configured as expected - i am sure i am one of the user like other working and FTD working as expected (i know something lacking on the models) - but that no bad if you looking just firewall.

have you contacted TAC - can you post the config here and what other side you trunked with AP? (we need to consider this is FW not a switch - may have certain features limited) - AP connected directly to FTD ? ( have you consoled to AP and checked what is output on console ?)

1 will work, 1 won't. 2 will work... power outage - 1 will work, 1 won't

these ports connected to where ?

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
steeda
Level 1
Level 1

‎09-15-2023 10:39 AM

Solved this. Well - work around.

You must absolutely not have APs plugged into the device when it boots if they're trunked. Boot firewall, wait for it to COMPLETELY initialize, then plug APs in. If not - the 1010 will never respond to ARPs on the trunk interfaces. A reboot will randomly work and randomly fail the trunks. Of note:

1. Once they get into this state, unplugging the APs and replugging ( cold boot of APs ) does not fix the issue. The 1010 will always only allow 1 of the 2 PoE ports the trunked APs are on to work. Random which one works each time. 

2. Soft reboot from GUI of 1010 will not fix the issue.

3. Soft reboot from CLI of APs will not fix the issue.

*only* a full power off reboot of the 1010, with PoE ports empty, will fix the issue. APs plugged in after COMPLETE boot of 1010 - works. This has persisted from 6.7 all the way to the current version. 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card