Re: Does Cisco Firepower FTD 21xx supports /31 IP Address

Abraham012 · ‎01-30-2022

Hi Folks,

We have Cisco FTD 21xx and were in the process of configuring it up and have come to know ISP is using /31 subnet. Our ISP is using a /31 subnet for our internet link and it seems FMC will not support this when configuring the interface.

Is there any work arounds for this ?? We already checked with ISP, they said, they cant change the subnet.

Looking forward to some advice.

marce1000 · ‎01-30-2022

- FYI : https://community.cisco.com/t5/network-security/firepower-ftd-2110-31-ip/td-p/3912094

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

marce1000 · ‎01-30-2022

- Additional : https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvg80765

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

Aref Alsouqi · ‎01-30-2022

I've never tried it but I think you can configure a /31 for a point-to-point connection, at least on version 7.0.0. However, a better solution may be to ask the ISP to configure a secondary IP address on the interface connected to your FTD with a /30.

Abraham012 · ‎01-30-2022

@Marvin Rhoads,

Could you please confirm, on version 7.x also, its not supported.

Sheraz.Salim · ‎01-30-2022

I just test with version 6.7 does not support /31

please do not forget to rate.

Abraham012 · ‎01-30-2022

can anyone test it on 7.x and share your result. Much appreciated.

Aref Alsouqi · ‎01-30-2022

Here you go, found this link which confirms in the last table on the page that it is supported (with some limitations) from version 7.0 on:

Firepower Management Center Device Configuration Guide, 7.1 - Regular Firewall Interfaces [Cisco Firepower Management Center] - Cisco

Sheraz.Salim · ‎01-30-2022

Nice one @Aref Alsouqi I have take the photo for OP.

please do not forget to rate.

marce1000 · ‎01-30-2022

- Modernized (smile) : https://www.cisco.com/c/en/us/td/docs/security/secure-firewall/management-center/device-config/710/management-center-device-config-71/interfaces-settings-ifcs-firewall.html#id_39144

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

Abraham012 · ‎02-01-2022

I tried in my lab by installing 7.1 version. Yes am able to assign the /31 IP to the interface, but with warning as attached.

Aref Alsouqi · ‎02-01-2022

I think that warning is just to make you aware that if you configure a /31 on a broadcast connection it will break it. The /31 should only be configured for a point-to-point link where the connection doesn't care about the network and broadcast IP addresses.

frankd334 · ‎03-26-2023

Does this only work via FMC? I just tried this locally via FDM on an FTD 2110 running 7.3 and it will not accept it.

terje · ‎10-09-2023

Unfortunately, RFC3021 is still not supported with FDM in FTD 7.3.1.1