Crazy error with Management Interface - Page 2

Derek1993 · ‎06-30-2023

Hello evryone! Need Help!

I have already configured my FP 1120 via Firepower Device Manager - all is Ok. But after some times I receive error: On mai window of ftd my ISP icon is grey and NTP Service doesn't work - also grey! I know that there is an error with Management Interface, BUT I cann't uderstandt what configuration is correct. So for now my Management Interface Configuration is:
Use Unique Gateways for the Management Interface with Fallback to Data Interfaces

output of command show network:

DNS Servers               : 1.1.1.1
                            1.0.0.1
DNS from router           : disabled
Management port           : 8305
IPv4 Default route
  Gateway                 : data-interfaces

==================[ management0 ]===================
Admin State               : enabled
Admin Speed               : 1gbps
Operation Speed           : indeterminate
Link                      : link-down
Channels                  : Management & Events
Mode                      : Non-Autonegotiation
MDI/MDIX                  : Auto/MDIX
MTU                       : 1500
MAC Address               : 40:06:D5:85:FF:80
----------------------[ IPv4 ]----------------------
Configuration             : DHCP
----------------------[ IPv6 ]----------------------
Configuration             : Disabled

===============[ Proxy Information ]================
State                     : Disabled
Authentication            : Disabled

I have tried also using static route for my FP 1120 - Did work!
Plz Help !

Derek1993 · ‎06-30-2023

Yes I saw, maybe it means that some problem with ISP ?

or How I can enable interface

MHM Cisco World · ‎07-02-2023

I think FMC 6.7 before not support data interface as mgmt interface
FMC 6.7 later support data interface as mgmt interface
which ver. you use for FMC ?

Derek1993 · ‎07-03-2023

No I use FDM Latetst version

Derek1993 · ‎07-03-2023

@Aref Alsouqi @MHM Cisco World @Kasun Bandara Hey there. The main question for now How I can Use Management interface on my FP 1120 with latest verion of FDM via Data Interface, because for now I have next situation:

MHM Cisco World · ‎07-03-2023

I really sorry for late reply
I will answer you tonight
thanks
MHM

MHM Cisco World · ‎07-03-2023

MHM Cisco World · ‎07-03-2023

there are two interface you can use for FDM in FPR1120
mgmt dedicate interface
ethernet from 1 to 8 data interface

both have DHCP by default
one DHCP subnet 192.168.1.0
other DHCP subnet 192.168.45.0

Ethernet 1/2—Connect your management computer directly to Ethernet 1/2 for initial configuration, or connect Ethernet 1/2 to your inside network. Ethernet 1/2 has a default IP address (192.168.1.1) and also runs a DHCP server to provide IP addresses to clients (including the management computer), so make sure these settings do not conflict with any existing inside network settings.
Management 1/1 (labeled MGMT)—Connect your management computer directly to Management 1/1 for initial configuration, or connect Management 1/1 to your management network. Management 1/1 has a default IP address (192.168.45.45) and also runs a DHCP server to provide IP addresses to clients (including the management computer), so make sure these settings do not conflict with any existing inside network settings.

this DHCP server run by default allow connect mgmt PC to FPR directly and PC get IP from DHCP subnet
NOW
mgmt plane is separate than data plane

so there is small chance that there is conflict between IP assign to any data interface and mgmt subnet
BUT
data interface DHCP default subnet can conflict with other data interface, here you need to disable the DHCP default server for data interface.

follow these steps

Step 1

Click Device, then click the link in the Interfaces summary.

Step 2

Mouse over the Actions column for the inside interface and click the edit icon (

).

Step 3

On the IPv4 Address tab, enter a static address on a unique subnet, for example, 192.168.2.1/24 or 192.168.46.1/24. Note that the default management address is 192.168.45.45/24, so do not use that subnet.

You also have the option to use DHCP to obtain an address if you have a DHCP server already running on the inside network. However, you must first click Delete in the DHCP SERVER IS DEFINED FOR THIS INTERFACE group to remove the DHCP server from the interface.

Step 4

In the DHCP SERVER IS DEFINED FOR THIS INTERFACE area, click Edit and change the DHCP pool to a range on the new subnet, for example, 192.168.2.5-192.168.2.254.

Step 5

Click OK to save the interface changes.

Step 6

Click the Deploy button in the menu to deploy your changes.

Derek1993 · ‎07-03-2023

@MHM Cisco World Thx for the such answer, BUT I have alredy configured all my data interfaces, and there are not any interfaces with DHCP like for Management interface: 192.168.45.0/24...! I don't use this subnet 192.168.45.0/24 ??
Any ideas ?

Derek1993 · ‎07-03-2023

@MHM Cisco World @Aref Alsouqi @Kasun Bandara What is correct configuration for Management interface ??
I am using like this config for now:
Is it correct configuratio ??

MHM Cisco World · ‎07-03-2023

192.168.45.0/24 <<- this default mgmt subnet which you change to 192.168.1.0
192.168.1.0<<- this default data interface subnet

NOW connect cable to mgmt interface <<- this interface is dedicate interface it NOT data interface

Derek1993 · ‎07-03-2023

Ok. In this configuration I must to provide Gateway and Pool of DHCP Address ? What about it ?

Derek1993 · ‎07-03-2023

AND One MORE: How I can configure Management Interface without conncetion cabel to its interface ???

MHM Cisco World · ‎07-04-2023

Hi

there are two ways to config mgmt
1- use dedicate mgmt interface
1-A the GW is data interface of FPR, the data interface must be in same as mgmt interface subnet
1-B the GW is not data interface ""unique gw""
2-use data interface ""management-only""
this way you dont need any GW.

so from your previous posts you dont need to use dedicate mgmt you need to use data interface as mgmt for FPR.

Derek1993 · ‎07-04-2023

Thx for answer:
Yes for now I am use Management interface via Data GW as on the screen above:
and What Configuration I must to do ? That make done this issue ?

MHM Cisco World · ‎07-04-2023

if this Data Interface you config as GW for mgmt interface is within same subnet THAT OK
BUT
you want to connect SW
mgmt interface of FPR -SW-Data interface of FPR
you can in SW connect your PC and access FDM
so you need with this config interconnect mgmt interface and it GW data interface
same like below
https://www.cisco.com/c/en/us/support/docs/security/firepower-2100-series/213519-configure-fdm-firepower-device-manageme.html