Firepower 1010 Interface config to connect vlans to remote switch

chris0754
Level 1

I have a Cisco Firepower 1010 that I am trying to connect to a Ubiquiti network switch that is configured for 3 VLANs: default 1, 120 and 130. I have configured the same VLANs on the Cisco Firepower 1010 and have set up DHCP servers for each VLAN. I have created Objects for each network for the VLANs: VLAN 1 172.16.1.0/24, VLAN 120 172.16.2.0/24, VLAN 130 172.16.3.0/24. I have created Security Zones for each VLAN (mode Routed, interface is the VLAN). I have created Access Control rules (inside to outside) for each VLAN. I have created dynamic NATs for each VLAN.

Access Control:
Inside_Outside_Rule
Action: Trust
inside_zone > any network > any port >any sgt group
outside_zone > any network > any port > any sgt group

NAT:
InsideOutsideNatRule
Manual NAT
Status  Enabled
Placement: Before Auto NAT Rules
Type Dynamic
Source interface:  inside
Source address: any-ipv4
Source port, Destination address and destination port set to any.

Destination interface:  outside
source address:  interface
Source port, Destination address and destination port set to any.

On the 1010 I set the Ethernet 1/3 Switch Port as VLAN Trunk, Native VLAN 1, and Associated VLANs 1, 120 and 130.

When I connect interface 1/3 to the Ubiquiti switch with a patch cord, and then connect my laptop with a patch cord to a port on the Ubiquiti switch, I get a DHCP address from the Cisco 1010 for the correct VLAN network. I have tested all 3 VLANs by moving my patch cord to different ports on the switch assigned untagged VLAN 1, 120, 130; this all works properly.

I have interface 1/2 on the Cisco switch configured as access, assigned to VLAN 1. When I connect my laptop with a patch cord to interface 1/2 on the 1010, I get a DHCP IP address that is correct for VLAN 1, and I can ping devices connected to the Ubiquiti switch on untagged VLAN 1 ports. I can also ping the default gateway for the VLAN and get to the internet.

The devices on the Ubiquiti switch are able to get DHCP addresses for the correct VLAN 1 and are able to ping my laptop connected on interface 1/2 on the 1010, but they cannot ping the default gateway or get to the internet. On the 1010 CLI console I can ping my laptop on interface 1/2 (VLAN 1), but I am not able to ping any devices connected to the Ubiquiti switch on VLAN 1 connected to interface 1/3 on the 1010. This is also true for VLAN 120 and 130. I can't seem to figure out what I am doing wrong. Version 7.2.5-208.
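
An added troubleshooting sequence for the symptom described above (this is editor-supplied material, not part of the original post or Cisco's documentation for the thread). It assumes the VLAN 1 interface carries the name `inside`, since the NAT rule in the post references that interface name, and `172.16.1.50` is a constructed address for a host sitting behind the Ubiquiti switch in the post's VLAN 1 subnet; substitute the real interface name and host address. The point is to establish, layer by layer, where traffic from the trunk side stops: whether Ethernet1/3 really carries the three VLANs, whether MAC and ARP entries for hosts behind the trunk are learned on that port, whether echo replies actually arrive at the VLAN interface, and only then whether the access-control and NAT path is the problem.

```cisco
! Added example (not from the original post). Run from the FTD CLI (the ">" prompt).
! Assumption: the VLAN 1 interface is named "inside"; 172.16.1.50 is a constructed host IP.

! 1. Confirm the switch-port layer: Ethernet1/3 should appear as a trunk carrying
!    VLANs 1, 120 and 130, and Ethernet1/2 as an access port in VLAN 1.
> show switch vlan

! 2. Check whether MAC addresses of hosts behind the Ubiquiti switch are being
!    learned on Ethernet1/3 in the expected VLAN. No entry there means the frames
!    are not reaching the 1010 in that VLAN (tagging or native-VLAN handling).
> show switch mac-address-table

! 3. Check the routed VLAN interface itself (state, IP, counters).
> show interface Vlan1

! 4. See whether the VLAN interface has resolved ARP for the host behind the trunk.
!    An "incomplete" or missing entry points at L2 before any ACL/NAT is involved.
> show arp

! 5. Capture ICMP on the VLAN interface while pinging the host, then inspect the
!    capture: echo requests leaving with no echo replies arriving isolates the
!    direction in which traffic is lost.
> capture icmpcap interface inside match icmp any any
> ping 172.16.1.50
> show capture icmpcap
> no capture icmpcap

! 6. Only once L2/ARP looks healthy, validate the policy path: this simulates an
!    ICMP echo from the host toward the internet and reports which access rule
!    and NAT rule apply, and whether the packet would be allowed.
> packet-tracer input inside icmp 172.16.1.50 8 0 8.8.8.8

! 7. Review the deployed NAT and access-list configuration that packet-tracer consulted.
> show nat
> show access-list
```

Work through the steps in order: steps 1 to 5 answer whether the 1010 can even see the hosts on the trunk side at layer 2 and 3, which is what the "CLI can ping the host on 1/2 but not hosts behind 1/3" symptom calls into question, while steps 6 and 7 only matter once replies are confirmed to reach the VLAN interface.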
