Solved: Cannot commit (commit-buffer) while configuring Firepower 2140

AlexPi · ‎01-28-2020

Hello All,

I am trying to enable several ports on a Cisco Firepower 2140 but when I commit the changes (commit buffer) , I get the following message: Error: Changes not allowed. use: 'connect ftd' to make changes.
The change I am making from within fxos is fairly simple:

CYCFTD01# scope eth-uplink

CYCFTD01 /eth-uplink # scope fabric a

CYCFTD01 /eth-uplink/fabric # enter interface Ethernet1/13

CYCFTD01 /eth-uplink/fabric/interface # enable

CYCFTD01 /eth-uplink/fabric/interface* # set auto-negotiation yes

CYCFTD01 /eth-uplink/fabric/interface* # commit-buffer
Error: Changes not allowed. use: 'connect ftd' to make changes.

Currenly ourISP interface is conencted there. I will also need to do this for multiple other ports but it seems that the ftd does not want to commit my changes.

Thanks in advance!

------------------------------------------------------------------
If this was helpful, please vote as helpful by clicking on the star icon below.
-------------------------------------

Abheesh Kumar · ‎01-28-2020

Hi,
As i know for FTD 2100 series, interface configuration/modification need to be done via FMC or FDM. I don't think so via CLI it supports. For FTD 4100 & 9300 you can make changes via the FXOS cli.
Hope This Helps
Abheesh

View solution in original post

Abheesh Kumar · ‎01-28-2020

Hi,
As i know for FTD 2100 series, interface configuration/modification need to be done via FMC or FDM. I don't think so via CLI it supports. For FTD 4100 & 9300 you can make changes via the FXOS cli.
Hope This Helps
Abheesh

AlexPi · ‎01-29-2020

Hello Abheesh,

I guess to do so, as this is an out of the box configuration, I will have to skip the initial setup and forgo the setup wizard. I guess everythign can then be configured via the FDM.
Note that I am doign the initial setup on the local device manager, so I can get the Outside Interface up and then create a site-to-site VPN towards our main site where FDM is.

Thanks!

------------------------------------------------------------------
If this was helpful, please vote as helpful by clicking on the star icon below.
-------------------------------------

AlexPi · ‎01-30-2020

So I have managed to enable the Ethernet interfaces directly from FTD, but now I have the same issue in setting up an ether channel, as the command line tool will again show m ethe Error: Changes not allowed. use: 'connect ftd' to make changes, as soon as I try to commit.
Looking further into this, the only way to setup an ether channel is the CLI...

Anyone has an insight into this new issue I am seeing?

Thanks!

------------------------------------------------------------------
If this was helpful, please vote as helpful by clicking on the star icon below.
-------------------------------------

Pedro Narciso · ‎01-31-2020

Hello,

On FPR2100 you cannot create a Port-Channel from FXOS CLI unless you use an ASA as a logical device.

The FTD Port-Channel on FPR2100 appliances is managed by the FXOS code, but the configuration is done from the FMC since the FTD and FXOS code is integrated in one software bundle.

AlexPi · ‎02-02-2020

Thanks for that! Found the same on the documentation as well after a bit of digging!

------------------------------------------------------------------
If this was helpful, please vote as helpful by clicking on the star icon below.
-------------------------------------