Solved: Re: Failed to create static route on FTD CLI for FMC

IP Team · ‎05-03-2018

Hi All,

I seemed to have lost connectivity from our FTD device to the FMC.

I can see that the BR1 interface is up and enabled:

> show network
===============[ System Information ]===============
.......
IPv4 Default route
Gateway : 192.168.50.25

======================[ br1 ]=======================
State : Enabled
Channels : Management & Events
Mode : Non-Autonegotiation
MDI/MDIX : Auto/MDIX
MTU : 1500
MAC Address : x:x:x:x:x:x
----------------------[ IPv4 ]----------------------
Configuration : Manual
Address : 192.168.50.27
Netmask : 255.255.255.248
Broadcast : 192.168.50.31

......

I can ping the default gateway:

> ping 192.168.50.25
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.50.25, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/10/30 ms
>

However when I try to add a static route:

> configure network static-routes ipv4 add br1 172.16.72.167 255.255.252.0 192.1
68.50.25
Interface br1 is not reporting link speed... count:0 at /ngfw/usr/local/sf/lib/perl/5.10.1/SF/NetworkConf/NetworkSettings.pm line 3012.
IFTOOL did not report proper interface speed for br1: 'N/A' at /ngfw/usr/local/sf/lib/perl/5.10.1/SF/NetworkConf/NetworkSettings.pm line 885.
Failed to update route configuration, make sure destination, netmask and gateway are valid

Any ideas please?

Many thanks!

Marvin Rhoads · ‎05-03-2018

Try dropping into expert mode and checking the routes that the underlying Linux OS knows with:

netstat -nr

View solution in original post

IP Team · ‎05-03-2018

I have managed to create the static route:

> configure network static-routes ipv4 add br1 172.16.72.0 255.255.252.0 192.168
.50.25
Interface br1 is not reporting link speed... count:0 at /ngfw/usr/local/sf/lib/perl/5.10.1/SF/NetworkConf/NetworkSettings.pm line 3012.
IFTOOL did not report proper interface speed for br1: 'N/A' at /ngfw/usr/local/sf/lib/perl/5.10.1/SF/NetworkConf/NetworkSettings.pm line 885.
Configuration updated successfully

However I still can't seem to see it:

> show route management-only

Routing Table: mgmt-only
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, V - VPN
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, + - replicated route
Gateway of last resort is not set

or even in the diagnostic cli:

firepower# show route management-only

Routing Table: mgmt-only
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, V - VPN
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, + - replicated route
Gateway of last resort is not set

firepower#

IP Team · ‎05-03-2018

Appliance Heartbeat 2018-05-03 09:17:57 Appliance ASA-5516-X is not sending heartbeats.

IP Team · ‎05-03-2018

The problem is fixed, but can anyone describe what this command actually does:

> show route management-only

Routing Table: mgmt-only
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, V - VPN
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, + - replicated route
Gateway of last resort is not set

-

I've put in a static route for the management interface using:

> configure network static-routes ipv4 add br1 172.16.72.167 255.255.252.0 192.1
68.50.25

however it doesn't show up in the above command?

Thanks!

Marvin Rhoads · ‎05-03-2018

Try dropping into expert mode and checking the routes that the underlying Linux OS knows with:

netstat -nr

IP Team · ‎05-04-2018

Hi Marvin,

Great that showed my route!

What is the show route management-only used for? In my case it still shows as blank, but comes up in netstat in Linux

Regards

Shams

Marvin Rhoads · ‎05-10-2018

@IP Team

I'm not sure why the "route management-only" doesn't show the same thing as netstat -nr in expert mode. It would make sense if it did.