cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2002
Views
0
Helpful
3
Replies

FirePower 1140, unable to access Firepower Chassis manager

Deepak Kumar
VIP Alumni
VIP Alumni

Dear All,

We brought three 1140 firepower appliances and are facing difficulties with setting up devices. As we are unable to access firepower chassis manager using the browser and below are the details:

 

Try1:

Given IP under the Management Interface 1/1 using the DHCP protocol (Other than 192.168.45.0/24)

Management1/1 192.168.145.1 YES DHCP up up

Connect to FXOS and disabled DHCP as

 

 

firepower-1140# scope system
firepower-1140 /system # scope services
firepower-1140 /system/services # disable dhcp
firepower-1140 /system/services # disable dhcp-server
firepower-1140 /system/services # commit-buffer



Change to Fabric-interconnect and try to set up out-of-band IP address statically (Because default is 0.0.0.0)



firepower-1140 /system/services # scope fabric-interconnect a
firepower-1140 /fabric-interconnect # show

Fire Power:
ID OOB IP Addr OOB Netmask OOB Gateway OOB Gateway Use DataPort OOB Boot Proto OOB IPv6 Address Prefix OOB IPv6 Gateway OOB IPv6 Gateway Use DataPort IPv6 Boot Proto DHCPD Admin State Operability
---- --------------- --------------- --------------- ------------------------ -------------- ---------------- ------ ---------------- ----------------------------- --------------- -------------------- -----------
A 0.0.0.0 0.0.0.0 0.0.0.0 No Static :: 64 :: No Static DHCP Server Disabled Operable
firepower-1140 /fabric-interconnect #
firepower-1140 /fabric-interconnect # set out-of-band static ip 192.168.145.45 netmask 255.255.255.0 gw 192.168.145.100
Warning: When committed, this change may disconnect the current CLI session.
Use commit-buffer command to commit the changes.
firepower-1140 /fabric-interconnect* # show configuration
scope fabric-interconnect a
scope mgmt-interface 1
enable
set admin-duplex fullduplex
set admin-speed 1000mbps
set mtu 1500
exit
scope ipv6-config
set out-of-band static ipv6 :: ipv6-prefix 64 ipv6-gw ::
exit
+ set out-of-band static ip 192.168.145.45 netmask 255.255.255.0 gw 192.168.145.100
exit
firepower-1140 /fabric-interconnect* # commit-buffer
Error: commit-buffer disabled while in appliance mode.

 

 

As got above error "Error: commit-buffer disabled while in appliance mode". So I tried to change mode to the platform mode but that command is not working as:

 

 

ciscoasa(config)# no fxos mode appliance
^
ERROR: % Invalid input detected at '^' marker.

 

Second Try:

Tried to connect the Inside interface and established an HTTPS connection but it is opening an ASDM page.

 

Other tries:

Reset to factory default, firmware updated, and downgraded. 

 

 

ciscoasa(config)# sho ver

Cisco Adaptive Security Appliance Software Version 9.14(1)
SSP Operating System Version 2.8(1.105)
Device Manager Version 7.14(1)

Compiled on Wed 01-Apr-20 13:10 PDT by builders
System image file is "disk0:/installables/switch/fxos-k8-fp1k-lfbff.2.8.1.105.SPA"



firepower-1140# sho ver
Version: 2.8(1.105)
Startup-Vers: 2.8(1.105)
firepower-1140#

 

 

 

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!
1 Accepted Solution

Accepted Solutions

Deepak Kumar
VIP Alumni
VIP Alumni

Finally,

We got an update from Cisco If 1100 and 1140 are with Cisco ASA then we can't use FXOS for any management or anything. it will be only hosting your ASAv. 

 

This is a reason that we can change the Mode from appliance to platform. Not so happy, I can say it is good to know.

 

 

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!

View solution in original post

3 Replies 3

plwalsh
Level 1
Level 1

Hi Deepak ,

I believe that the error message you saw for Try 1,

Error: commit-buffer disabled while in appliance mode.

means that you can not use Firepower Chassis Manager. With the device is in appliance mode, it is essentially an ASAv and it must be confgured using ASDM or the ASA CLI. I believe ASA on Firepower devices uses appliance mode from 9.14 up. Installing an older image might allow you run the Firepower device in Platform mode.

Regards,
Piaras

 

Deepak Kumar
VIP Alumni
VIP Alumni

Yes, you are right but as per my security team, somehow, we need Firepower chassis manager access without this we can't configure port-channel and future updates will also not be possible. Can anyone guide me more on how to access chassis manager or how to configure the chassis manager (FXOS) management interface? 

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!

Deepak Kumar
VIP Alumni
VIP Alumni

Finally,

We got an update from Cisco If 1100 and 1140 are with Cisco ASA then we can't use FXOS for any management or anything. it will be only hosting your ASAv. 

 

This is a reason that we can change the Mode from appliance to platform. Not so happy, I can say it is good to know.

 

 

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!
Review Cisco Networking for a $25 gift card