Cisco Secure FW 3100 MGMT

johnlloyd_13 · ‎08-24-2023

hi,

i'm checking the new 3100 FW series and noticed the on board MGMT is a fiber SFP.

not sure why it's design/built this way and not the provide the usual GE port and to patch to a switch (or use copper SFP)?

it's costly to get SFP and fiber cable just to get an out out band MGMT access.

https://www.cisco.com/c/en/us/products/collateral/security/firewalls/secure-firewall-3100-series-ds.html

i plan to build a 3100 in ASA multi context mode, so the only way for me to get remote management (SSH and ASDM) is to allocate the 'admin' context with an inband sub-interface for MGMT VLAN?

balaji.bandi · ‎08-24-2023

There may be Lot of use case people looking SFP i guess, that is the reason Cisco gone for SFP port - i understand your requirement RF45 - Now you have only Option to get GLC-T SFP and move on.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

johnlloyd_13 · ‎08-24-2023

hi,

per cisco doc, management port is using a fiber SFP and not copper GLC SFP.

https://www.cisco.com/c/en/us/td/docs/security/secure-firewall/hardware/3100/fw-3100-install/m-overview.html#concept_fcc_frw_1cb

Management Port Status

The 1/10-Gb fiber management port has a bicolor LED under the SFP cage that indicates link/activity/fault:

Off—No SFP.
Green—Link up.
Green, flashing—Network activity.
Amber—SFP present, but no link.

Milos_Jovanovic · ‎08-25-2023

Sorry, my bad. Yes, you are right. As per documentation, only fiber SFP is supported.

I have a customer for which we implemented RJ45 management port, but I got it wrong - we haven't used GLC-TE in Mgmt port, we have used Eth1/1 as "management" port instead. I mixed it up, as I thought we placed GLC-TE in Mgmt port and manage it from there.

Kind regards,

Milos

balaji.bandi · ‎08-25-2023

What we are saying Port May be SFP - you need to order SFP ( so Copper SFP is GLC-T - so that can be used for Ethernet conversion)

https://www.cisco.com/c/en/us/products/collateral/interfaces-modules/gigabit-ethernet-gbic-sfp-modules/datasheet-c78-366584.html

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Milos_Jovanovic · ‎08-24-2023

Hi @johnlloyd_13,

FPR3100 devices have SFP management port, but I'm not sure if they are being shipped with included SFP module (at least that is how FPR4100 was shipped before). I don't see it in configurator tool, thus I can't be sure if it is included, but I would expect it not to be in such case. You could order additional GLC-TE instead of SR or LH module, if you prefer electrical module. From my standpoint, price of SFP module is usually very low as compared to overall price of FPR3100, so my customers don't really care about it.

But yes, if you don't want to get additional SFP module for Mgmt port, then you can assign one of the data interfaces to 'admin' context.

Kind regards,

Milos

johnlloyd_13 · ‎08-25-2023

hi,

thanks! was just surprised to know the 3100 doesn't have OOB RJ45 for MGMT.

i'll just either assign one of the ports for OOB MGMT or create a subif with MGMT VLAN allocated in the 'admin' context.

balaji.bandi · ‎08-25-2023

 was just surprised to know the 3100 doesn't have OOB RJ45 for MGMT.

Agreed - many be cisco moving to SFP as per the users request (rather just sticking to RJ45 - people can use SFP port for Fibre and RJ45 both - that is advantage here)

I found same when i was installing and testing (then we used GLC-T and connect to OOB) - some of our OOB has Fibre - it was suitable for us some cases and it was good.

i'll just either assign one of the ports for OOB MGMT or create a subif with MGMT VLAN allocated in the 'admin' context.

When we use dedicated MGMT port it has MGMT features - if you using normal port convering to MGMT - just ware of that information.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help