01-15-2023 10:55 PM
Hi,
I have a Firepower 2100 (Cisco Fire Linux OS v6.2.3 (build 13) Cisco Firepower 2110 Threat Defense v6.2.3 (build 83))
and my PC has an IP in the range 172.31.31.x.
SSH (IP: 172.31.31.254) is OK, but I am unable to access HTTPS and unable to add a management IPv4 address; when I add the IP, it stays unassigned in the interface:
configure network ipv4 manual 172.31.31.33 255.255.255.0 172.31.31.254 Management1/1
Below the running configuration:
: Hardware: FPR-2110, 6843 MB RAM, CPU MIPS 1200 MHz, 1 CPU (6 cores)
:
NGFW Version 6.2.3
!
hostname firepower
!
interface Ethernet1/1
nameif outside
cts manual
propagate sgt preserve-untag
policy static sgt disabled trusted
security-level 0
!
interface Ethernet1/2
no nameif
no security-level
no ip address
!
interface Ethernet1/2.11
vlan 11
nameif admin1-wired
cts manual
propagate sgt preserve-untag
policy static sgt disabled trusted
security-level 0
ip address 10.0.11.254 255.255.255.0
!
interface Ethernet1/2.12
vlan 12
nameif admin2-wired
cts manual
propagate sgt preserve-untag
policy static sgt disabled trusted
security-level 0
ip address 10.0.12.254 255.255.255.0
!
interface Ethernet1/2.33
vlan 333
nameif power-users
cts manual
propagate sgt preserve-untag
policy static sgt disabled trusted
security-level 0
ip address 172.31.33.254 255.255.255.0
!
interface Ethernet1/3
no nameif
no security-level
no ip address
!
interface Ethernet1/3.13
vlan 13
nameif service-wired
cts manual
propagate sgt preserve-untag
policy static sgt disabled trusted
security-level 0
ip address 10.0.13.254 255.255.255.0
!
interface Ethernet1/3.14
vlan 14
nameif factory-wired
cts manual
propagate sgt preserve-untag
policy static sgt disabled trusted
security-level 0
ip address 10.0.14.254 255.255.255.0
!
interface Ethernet1/3.20
vlan 20
nameif wireless-users
cts manual
propagate sgt preserve-untag
policy static sgt disabled trusted
security-level 0
ip address 10.0.20.254 255.255.255.0
!
interface Ethernet1/4
no nameif
no security-level
no ip address
!
interface Ethernet1/4.329
vlan 329
nameif vp
cts manual
propagate sgt preserve-untag
policy static sgt disabled trusted
security-level 0
ip address 172.31.29.254 255.255.255.0
!
interface Ethernet1/4.331
vlan 331
nameif it
cts manual
propagate sgt preserve-untag
policy static sgt disabled trusted
security-level 0
ip address 172.31.31.254 255.255.255.0
!
interface Ethernet1/5
nameif servers
cts manual
propagate sgt preserve-untag
policy static sgt disabled trusted
security-level 0
ip address 10.0.100.254 255.255.255.0
!
interface Ethernet1/6
no nameif
no security-level
no ip address
!
interface Ethernet1/6.21
vlan 21
nameif guest
cts manual
propagate sgt preserve-untag
policy static sgt disabled trusted
security-level 0
ip address 192.168.250.254 255.255.255.0
!
interface Ethernet1/6.22
vlan 22
nameif guest-vp
cts manual
propagate sgt preserve-untag
policy static sgt disabled trusted
security-level 0
ip address 192.168.251.254 255.255.255.0
!
interface Ethernet1/7
nameif wireless-mgmnt
cts manual
propagate sgt preserve-untag
policy static sgt disabled trusted
security-level 0
ip address 172.31.32.254 255.255.255.0
!
interface Ethernet1/8
nameif surveillance_interface
cts manual
propagate sgt preserve-untag
policy static sgt disabled trusted
security-level 0
ip address 10.0.101.254 255.255.255.0
!
interface Ethernet1/9
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet1/10
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet1/11
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet1/12
nameif sw-mgmnt
cts manual
propagate sgt preserve-untag
policy static sgt disabled trusted
security-level 0
ip address 172.31.30.254 255.255.255.0
!
interface Ethernet1/13
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet1/14
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet1/15
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet1/16
shutdown
no nameif
no security-level
no ip address
!
interface Management1/1
management-only
nameif mgmnt
cts manual
propagate sgt preserve-untag
policy static sgt disabled trusted
security-level 0
no ip address
!
http server enable
http 172.31.31.0 255.255.255.0 it
http 192.168.1.0 255.255.255.0 outside
01-15-2023 11:55 PM
Are you trying to manage the FTD device using FMC or FDM?
Issue the command show managers to see how the FTD is currently being managed.
If you are trying to use FDM you need to configure the following command on the CLI:
configure manager local
01-16-2023 12:01 AM
Thanks for your reply,
I am trying to use FDM.
> show managers
Managed locally.
But why does Firepower refuse to assign an IP to management1/1? There is no error when assigning the IPv4 address using the command.
01-16-2023 12:05 AM
Ethernet1/2.11 10.0.11.254 YES CONFIG up up
Ethernet1/2.12 10.0.12.254 YES CONFIG up up
Ethernet1/2.33 172.31.33.254 YES CONFIG up up
Ethernet1/3 unassigned YES unset up up
Ethernet1/3.13 10.0.13.254 YES CONFIG up up
Ethernet1/3.14 10.0.14.254 YES CONFIG up up
Ethernet1/3.20 10.0.20.254 YES CONFIG up up
Ethernet1/4 unassigned YES unset up up
Ethernet1/4.329 172.31.29.254 YES CONFIG up up
Ethernet1/4.331 172.31.31.254 YES CONFIG up up
Ethernet1/5 10.0.100.254 YES CONFIG up up
Ethernet1/6 unassigned YES unset up up
Ethernet1/6.21 192.168.250.254 YES CONFIG up up
Ethernet1/6.22 192.168.251.254 YES CONFIG up up
Ethernet1/7 172.31.32.254 YES CONFIG up up
Ethernet1/8 10.0.101.254 YES CONFIG up up
Ethernet1/9 unassigned YES unset admin down down
Ethernet1/10 unassigned YES unset admin down down
Ethernet1/11 unassigned YES unset admin down down
Ethernet1/12 172.31.30.254 YES CONFIG up up
Ethernet1/13 unassigned YES unset admin down down
Ethernet1/14 unassigned YES unset admin down down
Ethernet1/15 unassigned YES unset admin down down
Ethernet1/16 unassigned YES unset admin down down
Internal-Data1/1 169.254.1.1 YES unset up up
Management1/1 unassigned YES unset up up
>
01-16-2023 12:05 AM
To see the FTD mgmt IP you need to use the command:
show network
The management plane on the FTD is separate from the data plane by default and will not show in the output of show run. Is it still not present when issuing this show command?
01-16-2023 12:06 AM
Show network giving blank (no result)
01-16-2023 12:13 AM
Could you elaborate more on "giving blank"? Do you mean no IP is shown or there is no output at all?
You should be seeing something like the following:
> show network
===============[ System Information ]===============
Hostname                  : firepower
DNS Servers               : 208.67.222.222
                            208.67.220.220
Management port           : 8305
IPv4 Default route
  Gateway                 : 10.88.243.129
==================[ management0 ]===================
State                     : Enabled
Channels                  : Management & Events
Mode                      : Non-Autonegotiation
MDI/MDIX                  : Auto/MDIX
MTU                       : 1500
MAC Address               : 00:2C:C8:41:09:80
----------------------[ IPv4 ]----------------------
Configuration             : Manual
Address                   : 10.88.243.253
Netmask                   : 255.255.255.128
Broadcast                 : 10.88.243.255
----------------------[ IPv6 ]----------------------
Configuration             : Disabled
===============[ Proxy Information ]================
State                     : Disabled
Authentication            : Disabled
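A parser for the show network output format quoted in the post above, added here as an example and not part of the original thread. The function names are hypothetical and the interface name management0 is taken from that sample output; the check also reports the case raised in this thread, where the command returns no management IPv4 address at all.

```python
import ipaddress
import re

# Trimmed copy of the sample `show network` output quoted in the post above.
SAMPLE = """\
===============[ System Information ]===============
IPv4 Default route
  Gateway                 : 10.88.243.129
==================[ management0 ]===================
MAC Address               : 00:2C:C8:41:09:80
----------------------[ IPv4 ]----------------------
Address                   : 10.88.243.253
Netmask                   : 255.255.255.128
"""

HEADER = re.compile(r"^[=-]+\[\s*(.+?)\s*\][=-]+$")

def parse_show_network(text):
    """Return {section: {key: value}}; '-' sub-sections are keyed 'parent/child'."""
    sections, parent, current = {}, None, None
    for line in (raw.strip() for raw in text.splitlines()):
        m = HEADER.match(line)
        if m:
            top = line.startswith("=")
            parent = m.group(1) if top else parent
            current = parent if top else f"{parent}/{m.group(1)}"
            sections.setdefault(current, {})
        elif ":" in line and current is not None:
            key, value = line.split(":", 1)  # first colon only, MAC keeps its own
            sections[current][key.strip()] = value.strip()
    return sections

def management_ipv4(text, iface="management0"):
    """Return (ip_interface, gateway or None), or None if no address is present."""
    sections = parse_show_network(text)
    v4 = sections.get(f"{iface}/IPv4", {})
    if "Address" not in v4 or "Netmask" not in v4:
        return None
    gw = sections.get("System Information", {}).get("Gateway")
    return (ipaddress.ip_interface(f"{v4['Address']}/{v4['Netmask']}"),
            ipaddress.ip_address(gw) if gw else None)

def check(text, iface="management0"):
    """Return a list of findings; an empty list means the settings are consistent."""
    found = management_ipv4(text, iface)
    if found is None:
        return [f"no IPv4 address reported for {iface}"]
    addr, gw = found
    bad_gw = gw is not None and gw not in addr.network
    return [f"gateway {gw} is outside {addr.network}"] if bad_gw else []
```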
01-16-2023 12:17 AM - edited 01-16-2023 12:23 AM
Yes, no output
01-16-2023 12:23 AM
That is odd... Are you trying to run FTD software on the device or ASA software?
Could you post the output of show version please.
01-16-2023 12:26 AM
Also, could you issue the command connect ftd and then again show network
01-16-2023 12:36 AM
Connect ftd is not available, only connect fxos, and no show network command in this mode.
01-16-2023 12:52 AM
01-16-2023 12:59 AM
It was working but suddenly stopped connecting to HTTPS. I contacted the company that I purchased the device from; they did troubleshooting but found nothing.
Regarding connect ftd, I can not execute this command, only connect fxos is available.
01-16-2023 01:03 AM
I did connect ftd from fxos and it connected, but show network still gives nothing.
01-16-2023 01:14 AM
Have you done a reboot of the device since the issue happened? I see the device has been rebooted 6 days ago, but was the issue present before this reboot?
If you have not performed a reboot since the issue occurred, would you be able to perform a reboot at some point in the near future?