Re: Firepower 2110 - FDM (sub interface not working).

Xividar · ‎03-19-2020

Hi Guys,

Using FDM to try and configure my DIA, PE is set-up with a sub interface. Using my laptop tagged, everything working okay. From FDM though, I can't even get ICMP to the PE.

interface Ethernet1/1

nameif outside

cts manual

propagate sgt preserve-untag

policy static sgt disabled trusted

security-level 0

no ip address

!

interface Ethernet1/1.3061

vlan 3061

nameif outside_sub

cts manual

propagate sgt preserve-untag

policy static sgt disabled trusted

security-level 0

ip address x.x.x.x 255.255.255.248

Help would be appreciated :)

Xividar · ‎03-19-2020

The documentation is also not clear; it suggests you need to avoid naming the physical interface, if you try to do this however, you are rejected.

"Preventing untagged packets on the physical interface—If you use subinterfaces, you typically do not also want the physical interface to pass traffic, because the physical interface passes untagged packets. Because the physical interface must be enabled for the subinterface to pass traffic, ensure that the physical interface does not pass traffic by not naming the interface. If you want to let the physical interface pass untagged packets, you can name the interface as usual."

Marius Gunnerud · ‎03-19-2020

How is your switch interface setup that is connected to the FTD device? If it is not a trunk already I would suggest configuring to trunk all VLANs to start with.

--
Please remember to select a correct answer and rate helpful posts

Xividar · ‎03-19-2020

We got it sorted, our core guys sent through wrong port info. All good :)

DivineMuteta90931 · ‎04-15-2020

Hello

Could you please advice on how you got it sorted as I'm also facing the same challenge, screengrabs could also be handy

Thanks