Solved: Re: Firepower 2110 redundant interfaces, BVI

StefanStankovic2195 · ‎07-09-2019

I have few questions. The situation is: I have Firepower 2110 in the routed mode and I want to connect 2 data switches from the SAME LAN. Because every port on FirePower has to be on different subnet, how to connect those switches? Bridging and Redundant interface are not supported on Firepower 2100 series. What is the replacement for BVI, Redundant interface in this situation?

Marvin Rhoads · ‎07-09-2019

Unless the switches are in the same cluster (like VSS or Stackwise) or using something like NX-OS VPCs, you cannot do what you're asking with FTD.

View solution in original post

Marvin Rhoads · ‎07-09-2019

Unless the switches are in the same cluster (like VSS or Stackwise) or using something like NX-OS VPCs, you cannot do what you're asking with FTD.

StefanStankovic2195 · ‎07-16-2019

Thank you so much. My 2 switches are in vLAG (vendor Lenovo). So, is it a good idea to do this: on Firepower from two interfaces to create port-channel and on him to create 2 subinterfaces and connect those 2 switches??

Marvin Rhoads · ‎07-16-2019

Lenovo states their vLAG is "similar to" Cisco vPC so it might well work. However you'd be best to try it in a non-production environment (lab) first to confirm the operations are as you expect. TAC support would be best effort only.

How or whether you do subinterfaces depends on more details of your requirements than have been shared thus far. If you want to trunk multiple subnets (corresponding to VLANs) from the switches to the Firepower appliances then, yes, subinterfaces would be the logical choice. that does add another aspect to the interoperability question though so, again, labbing the setup would be advised.