Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1658
Views
5
Helpful
4
Replies

Cisco FTD 1010 needed switch between it and the ISP to come up

Travis-Fleming
Level 1
Level 1

‎07-10-2020 06:28 AM

I recently came back from implementing my 12th Cisco FTD 1010 device to a remote site and this one was a bear. The outside interface would not come up no matter what I did. No link lights, but the FMC showed the port was enabled, but down. We called the ISP (AT&T) who has a Ciena router as the default gateway next hop device. They assured me the port was properly configured for their side and enabled.

 

What I ended up having to do was plug the outside interface of the 1010 into a segregated VLAN on a switch that then connected to the ISP and it came up instantly.

 

Has anyone else had any experience with this or any ideas of what may have caused this? I find it odd that the interface would not come up until a switch was put as an intermediate in between the 1010 and the ISP Ciena router.

0 Helpful
4 Replies 4

Marius Gunnerud
VIP
VIP

‎07-10-2020 12:35 PM - edited ‎07-10-2020 12:37 PM

Do you know if the Ciena interface was hardcoded speed and duplex?  Sounds like the FTD1010 and the router were not able to agree on something.

Also, what type of interface on the Ciena router interface compared with the interface you are using on the FTD10101? for example, 1Gig, 10Gig, etc.

--
Please remember to select a correct answer and rate helpful posts
0 Helpful

Travis-Fleming
Level 1
Level 1
In response to Marius Gunnerud

‎07-10-2020 12:43 PM

Thank you for the reply Marius. Their device was indeed hardcoded for 100 MB and full duplex, so on our FTD we matched those settings. I do not know what type of interface they have in terms of 1Gig or more.

 

Even if the duplex and speed mismatched would the link light at least come up though you think? I've had that with MPLS routers when we upgrade speeds the ISP decides to hard code instead of auto-negotiate, but the link lights come up it just works like poo.

0 Helpful

Marius Gunnerud
VIP
VIP
In response to Travis-Fleming

‎07-11-2020 01:32 PM

I have encountered situations with Nexus switches and FTD where one of these devices are set to auto negotiate and the uplink is hardcoded to a lower speed than what the interface defaults to and the link doesn't come up (interface up / line protocol down).  We have always solved this by setting the hardcoded side to auto but we have had the luxury of doing so.

Did matching up the speed and duplex solve your issue?

--
Please remember to select a correct answer and rate helpful posts

Travis-Fleming
Level 1
Level 1
In response to Marius Gunnerud

‎07-13-2020 06:02 AM

What we ended up doing is we also had an ISR 4331 with a 4 port switch NIM in it with spare ports 1U down. So we created a segregated vlan on two of the ports and used it as an intermediate. Then the dmarc plugged into the switch, then switch to 1010 and it came up. It is odd to us the ISP said their device was set to hard coded 100 MB and full duplex, and even when we did that to our 1010, a link light was not produced.

 

I have to wonder if the ISP tech was just stating that, and in reality it was not correctly set. We may never know, but we are up now.

 

Odly enough my manager here when he setup our Cisco ASA 5516 with our Nexus 7K had the same problem as you described and had to resolve it in the same manner. So there has to be something to that.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card