Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3177
Views
10
Helpful
4
Replies

Configuring firepower 2100? local-mgmt and ftd clis

Go to solution
Alex Willoughby
Level 1
Level 1

‎06-05-2020 05:00 AM

Hello,

 

Im just attempting to configure and add two 2100s to FMC. under the local-mgmt cli I have applied an IP address and I can ping FMC, however under the FTD cli ive added the manager (FMC) but am unable to route there. looking at the interfaces under the FTD cli there are no ip addresses, the mgmt interface is up but no IP nor routable.

 

How does this work? do the two clis share the same interfaces? do I put the same IP address on both interfaces? how do I give the ftd cli the IP address and default route?

 

ive been following the guides but they dont see to reference the 3 in total clis at all...

https://www.cisco.com/c/en/us/td/docs/security/firepower/quick_start/fp2100/firepower-2100-gsg/ftd-fmc.html#task_imq_yw3_b3b 

 

Thanks for any help

 

 

 
> show interface
Interface Ethernet1/1 "", is admin down, line protocol is down
  Hardware is EtherSVI, BW 1000 Mbps, DLY 10 usec
	Available but not configured via nameif
Interface Ethernet1/2 "", is admin down, line protocol is down
  Hardware is EtherSVI, BW 1000 Mbps, DLY 10 usec
	Available but not configured via nameif
Interface Ethernet1/3 "", is admin down, line protocol is down
  Hardware is EtherSVI, BW 1000 Mbps, DLY 10 usec
	Available but not configured via nameif
Interface Ethernet1/4 "", is admin down, line protocol is down
  Hardware is EtherSVI, BW 1000 Mbps, DLY 10 usec
	Available but not configured via nameif
Interface Ethernet1/5 "", is admin down, line protocol is down
  Hardware is EtherSVI, BW 1000 Mbps, DLY 10 usec
	Available but not configured via nameif
Interface Ethernet1/6 "", is admin down, line protocol is down
  Hardware is EtherSVI, BW 1000 Mbps, DLY 10 usec
	Available but not configured via nameif
Interface Ethernet1/7 "", is admin down, line protocol is down
  Hardware is EtherSVI, BW 1000 Mbps, DLY 10 usec
	Available but not configured via nameif
Interface Ethernet1/8 "", is admin down, line protocol is down
  Hardware is EtherSVI, BW 1000 Mbps, DLY 10 usec
	Available but not configured via nameif
Interface Ethernet1/9 "", is admin down, line protocol is down
  Hardware is EtherSVI, BW 1000 Mbps, DLY 10 usec
	Available but not configured via nameif
Interface Ethernet1/10 "", is admin down, line protocol is down
  Hardware is EtherSVI, BW 1000 Mbps, DLY 10 usec
	Available but not configured via nameif
Interface Ethernet1/11 "", is admin down, line protocol is down
  Hardware is EtherSVI, BW 1000 Mbps, DLY 10 usec
	Available but not configured via nameif
Interface Ethernet1/12 "", is admin down, line protocol is down
  Hardware is EtherSVI, BW 1000 Mbps, DLY 10 usec
	Available but not configured via nameif
Interface Management1/1 "diagnostic", is up, line protocol is up
  Hardware is en_vtun rev00, BW Unknown Speed-Capability, DLY 1000 usec
	Auto-Duplex(Full-duplex), Auto-Speed(1000 Mbps)
	Input flow control is unsupported, output flow control is unsupported
	MAC address 3c51.0e50.6701, MTU 1500
	IP address unassigned
	0 packets input, 0 bytes, 0 no buffer
	Received 0 broadcasts, 0 runts, 0 giants
	0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
	0 pause input, 0 resume input
	0 L2 decode drops, 0 demux drops
	0 packets output, 0 bytes, 0 underruns
	0 pause output, 0 resume output
	0 output errors, 0 collisions, 0 interface resets
	0 late collisions, 0 deferred
	0 input reset drops, 0 output reset drops
	input queue (blocks free curr/low): hardware (0/0)
	output queue (blocks free curr/low): hardware (0/0)
  Traffic Statistics for "diagnostic":
	0 packets input, 0 bytes
	0 packets output, 0 bytes
	0 packets dropped
      1 minute input rate 0 pkts/sec,  0 bytes/sec
      1 minute output rate 0 pkts/sec,  0 bytes/sec
      1 minute drop rate, 0 pkts/sec
      5 minute input rate 0 pkts/sec,  0 bytes/sec
      5 minute output rate 0 pkts/sec,  0 bytes/sec
      5 minute drop rate, 0 pkts/sec
	Management-only interface. Blocked 0 through-the-device packets
 
1 person had this problem
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Sheraz.Salim
VIP
VIP

‎06-05-2020 05:29 AM

I had a similar scenario like you. As long as you have configured the FMC address in to the FTD. go to FMC and add this FTD. as the management control plan will form a tunnel and add this FTD into FMC. once the device is added to will have a more control. 

please do not forget to rate.

View solution in original post

4 Replies 4

Go to solution
Sheraz.Salim
VIP
VIP

‎06-05-2020 05:29 AM

I had a similar scenario like you. As long as you have configured the FMC address in to the FTD. go to FMC and add this FTD. as the management control plan will form a tunnel and add this FTD into FMC. once the device is added to will have a more control. 

please do not forget to rate.

Go to solution
Alex Willoughby
Level 1
Level 1
In response to Sheraz.Salim

‎06-05-2020 06:33 AM

Documentation is very unclear but yes regardless of what the config looks like if you add it via FMC it does go in. Thanks for the help
0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎06-05-2020 09:07 PM - edited ‎06-05-2020 09:07 PM

Instead of "show interface, use "show network" to see the details of the management interface setup.

> show network 
===============[ System Information ]===============
Hostname                  : vftd-new.ccielab.mrneteng.com
Domains                   : ccielab.mrneteng.com
DNS Servers               : 172.31.1.8
Management port           : 8305
IPv4 Default route
  Gateway                 : 172.31.1.1
  Netmask                 : 0.0.0.0


======================[ br1 ]=======================
State                     : Enabled
Link                      : Up
Channels                  : Management & Events
Mode                      : Non-Autonegotiation 
MDI/MDIX                  : Auto/MDIX 
MTU                       : 1500
MAC Address               : 00:0C:29:24:8E:3F
----------------------[ IPv4 ]----------------------
Configuration             : Manual
Address                   : 172.31.1.24
Netmask                   : 255.255.255.0
Gateway                   : 172.31.1.1
----------------------[ IPv6 ]----------------------
Configuration             : Disabled

===============[ Proxy Information ]================
State                     : Disabled
Authentication            : Disabled

>

 

Go to solution
Sheraz.Salim
VIP
VIP
In response to Marvin Rhoads

‎06-06-2020 12:26 AM

@Marvin Rhoads documentation is not very clear. I had similar issue I think i did issue the command you mentioned. but just thinking might cisco need to update the document paper.

please do not forget to rate.
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card