Solved: Re: Combining LAN ports on Cisco Firepower /Ethercahnnel or something - Page 2

amh4y0001 · ‎07-07-2023

Hi,

I have Cisco Firepower 1100 series (FPR-1120)
System image file is "disk0:/installables/switch/fxos-k8-fp1k-lfbff.2.8.1.105.SPA"

I am in a need to configure two or more LAN interfaces to make a LAN which can communicate at LAN level (in other words, in the same VLAN or same network).
I created a Ether channel as:

And let the DHCP (with all default values) to assign the IP addresses.

Now one of the member port is now connected with a network which is distributing IP addresses via DHCP.
When I connect a PC to second member port, it didn't get any IP from DHCP.

What should be configured to achieve a LAN based communication /switching so that I connect multiple devices belonging to the same network.

Note: I fully understand that Firepower is not designed for switching, and best solution should be to connect a LAN Switch in between to attach multiple clients. But sometimes, needs to find a solution outside of the recommended zone.
Any suggestion /step by step guide /screenshots will be appreciated.

MHM Cisco World · ‎07-10-2023

https://www.cisco.com/c/en/us/support/docs/security/pix-500-series-security-appliances/70391-pix-asa-dhcp-svr-client.html

step to config DHCP server in ASA via ASDM

amh4y0001 · ‎07-10-2023

you need assign IP to BVI

I believe I am doing it correct i.e. assign static IP address to BVI interface.

you need to enable DHCP server in this interface to make endpoint get IP from ASA BVI. >> If static IP address is assigned, how I can enable DHCP server?

amh4y0001 · ‎07-10-2023

@MHM Cisco World Thanks for reply.

Now have enabled DHCP on BVI interface as:

Connected a client and still I didn't get IP from DHCP scope, but APIPA 169.x.x.x

MHM Cisco World · ‎07-10-2023

FPR
endpoint1 connect to Eth1 (for example)
endpoint2 connect to Eth2 (for example)

go to interface Eth1 and Eth2 and add it to group 1
and config name for each interface (as you want).

amh4y0001 · ‎07-10-2023

@MHM Cisco World Thanks for supportive reply.

Can you have a look on the following (step-by-step) procedure? I am still getting 169.x.x.x on the end points side.

FW3# sh ip address
System IP Addresses:
Interface Name IP address Subnet mask Method
Ethernet1/2 inside 192.168.1.1 255.255.255.0 CONFIG
Ethernet1/3 10.11.12.107 255.0.0.0 manual
Ethernet1/4 10.11.12.107 255.0.0.0 manual
Management1/1 management unassigned unassigned DHCP
BVI7 BVI7 10.11.12.107 255.0.0.0 manual
Current IP Addresses:
Interface Name IP address Subnet mask Method
Ethernet1/2 inside 192.168.1.1 255.255.255.0 CONFIG
Ethernet1/3 10.11.12.107 255.0.0.0 manual
Ethernet1/4 10.11.12.107 255.0.0.0 manual
Management1/1 management unassigned unassigned DHCP
BVI7 BVI7 10.11.12.107 255.0.0.0 manual

MHM Cisco World · ‎07-10-2023

all OK, just add nameif & secuirty level (must be 100) of port connect to endpoint

amh4y0001 · ‎07-10-2023

@MHM Cisco World
Security level is configured same as for the inside interface i.e. 100 ... or it should be something different?

Regarding the name, you mean Eth3 and Eth4 should be named differently? I tried to have same as BVI7, but that wasn't allowed.

MHM Cisco World · ‎07-10-2023

security level must same for endpoints ports and BVI
name must be different like BVI7_1 and BVI7_2

amh4y0001 · ‎07-10-2023

A BIG Thank YOU @MHM Cisco World

Finally, endpoints are received IP address as it should be.

MHM Cisco World · ‎07-10-2023

You are So So welcome
thanks for your words
have a nice day
MHM

amh4y0001 · ‎07-10-2023

Have a nice day you too @MHM Cisco World, your suggestion to use BVI instead of Ether channel saved the day, highly appreciated.

Combining LAN ports on Cisco Firepower /Ethercahnnel or something else