03-19-2020 01:54 AM
Hi Guys,
Using FDM to try and configure my DIA, PE is set-up with a sub interface. Using my laptop tagged, everything working okay. From FDM though, I can't even get ICMP to the PE.
interface Ethernet1/1
nameif outside
cts manual
propagate sgt preserve-untag
policy static sgt disabled trusted
security-level 0
no ip address
!
interface Ethernet1/1.3061
vlan 3061
nameif outside_sub
cts manual
propagate sgt preserve-untag
policy static sgt disabled trusted
security-level 0
ip address x.x.x.x 255.255.255.248
Help would be appreciated :)
03-19-2020 02:02 AM
The documentation is also not clear; it suggests you need to avoid naming the physical interface, if you try to do this however, you are rejected.
"Preventing untagged packets on the physical interface—If you use subinterfaces, you typically do not also want the physical interface to pass traffic, because the physical interface passes untagged packets. Because the physical interface must be enabled for the subinterface to pass traffic, ensure that the physical interface does not pass traffic by not naming the interface. If you want to let the physical interface pass untagged packets, you can name the interface as usual."
03-19-2020 01:04 PM
How is your switch interface setup that is connected to the FTD device? If it is not a trunk already I would suggest configuring to trunk all VLANs to start with.
03-19-2020 01:07 PM
We got it sorted, our core guys sent through wrong port info. All good :)
04-15-2020 02:40 AM
Hello
Could you please advice on how you got it sorted as I'm also facing the same challenge, screengrabs could also be handy
Thanks
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide