Cisco Firepower 1010 stop forwarding packages on switchports

lcthasenhod
Level 1

Hi All,

After upgrading to 7.0.1 and/or 7.1, our Cisco Firepower 1010 devices suddenly stopped forwarding packages on ports configured as switchports. Routed ports work perfectly, and the ports that stop forwarding are random ports. We have to switch the port to routed and back, and then it starts working for a while until it suddenly stops again. Please advise, as we have to use 7.0.1 and/or 7.1 because of lacking features in FTD 6.6/6.7 and ASA software.

Kind Regards,

Lars

3 Replies

balaji.bandi
Hall of Fame

Not that I am aware of, nor has anyone reported this kind of issue.

What do the switch logs show? Can you post the switch-side config and also the interface output?

Most of the bugs are reported here:

https://www.cisco.com/c/en/us/td/docs/security/firepower/70/relnotes/firepower-release-notes-700/bugs.html

https://www.cisco.com/c/en/us/td/docs/security/firepower/710/relnotes/firepower-release-notes-710/bugs.html

BB

Hi All,

Here is the output:

interface Ethernet1/1
no switchport
nameif xxx
cts manual
propagate sgt preserve-untag
policy static sgt disabled trusted
security-level 0
ip address x.x.x.x x.x.x.x
!
interface Ethernet1/2
no switchport
nameif xxxx
cts manual
propagate sgt preserve-untag
policy static sgt disabled trusted
security-level 0
dhcp client route distance 2
ip address dhcp setroute
!
interface Ethernet1/3
switchport
switchport access vlan 120
!
interface Ethernet1/4
switchport
switchport trunk allowed vlan 100,110,120,130,200
switchport trunk native vlan 100
switchport mode trunk
!
interface Ethernet1/5
switchport
switchport access vlan 120
!
interface Ethernet1/6
switchport
switchport access vlan 120
!
interface Ethernet1/7
switchport
switchport access vlan 125
power inline auto
!
interface Ethernet1/8
switchport
switchport access vlan 120
power inline auto


Interface Ethernet1/1 "xxx", is up, line protocol is up
Hardware is EtherSVI, BW 1000 Mbps, DLY 10 usec
MAC address 20cf.aec5.6bc8, MTU 1500
IP address x.x.x.x, subnet mask x.x.x.x
Traffic Statistics for "parknet":
39109251 packets input, 50826436126 bytes
14832449 packets output, 5656074607 bytes
84364 packets dropped
1 minute input rate 290 pkts/sec, 181739 bytes/sec
1 minute output rate 295 pkts/sec, 99990 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 298 pkts/sec, 206452 bytes/sec
5 minute output rate 286 pkts/sec, 129393 bytes/sec
5 minute drop rate, 0 pkts/sec
Interface Ethernet1/2 "xxxx", is up, line protocol is up
Hardware is EtherSVI, BW 1000 Mbps, DLY 10 usec
MAC address 20cf.aec5.6bc9, MTU 1500
IP address x.x.x.x, subnet mask x.x.x.x
Traffic Statistics for "yousee":
4830519 packets input, 1714799655 bytes
443220 packets output, 160099830 bytes
31676 packets dropped
1 minute input rate 23 pkts/sec, 1224 bytes/sec
1 minute output rate 0 pkts/sec, 0 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 23 pkts/sec, 1222 bytes/sec
5 minute output rate 0 pkts/sec, 0 bytes/sec
5 minute drop rate, 0 pkts/sec
Interface Ethernet1/3 "", is up, line protocol is up
Hardware is EtherSVI, BW 1000 Mbps, DLY 10 usec
Available but not configured via nameif
Interface Ethernet1/4 "", is up, line protocol is up
Hardware is EtherSVI, BW 1000 Mbps, DLY 10 usec
Available but not configured via nameif
Interface Ethernet1/5 "", is up, line protocol is up
Hardware is EtherSVI, BW 1000 Mbps, DLY 10 usec
Available but not configured via nameif
Interface Ethernet1/6 "", is up, line protocol is up
Hardware is EtherSVI, BW 1000 Mbps, DLY 10 usec
Available but not configured via nameif
Interface Ethernet1/7 "", is up, line protocol is up
Hardware is EtherSVI, BW 1000 Mbps, DLY 10 usec
Available but not configured via nameif
Interface Ethernet1/8 "", is up, line protocol is up
Hardware is EtherSVI, BW 1000 Mbps, DLY 10 usec
Available but not configured via nameif

This is very buggy behavior, especially if it starts working for a while after going to routed port and then back to switched port.  I have not been able to find any information related to this.  I suggest opening a case with TAC.
