Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
656
Views
4
Helpful
3
Replies

Firepower appliance causing partial collection failure of WLC in PI 3.1

mo shea
Level 1
Level 1

‎05-30-2016 06:35 AM - edited ‎03-12-2019 06:01 AM

Hello,

We have a Firepower 7110 appliance that sits inline between our Wireless controller and the Prime Infrastructure server. Whenever we started discovery For the WLC 5508 on the PI, the result would be partial collection failure.

I have configured the WLC as a trusted source under the Firepower policies tab in order to pass uninspected but still the WLC is not discovered. When we physically bypass the Firepower and connect the controller directly all is good and the Controller is discovered properly.

During troubleshooting we have upgraded our PI to 3.1 before discovering the issue is related to the Firepower device. Could this be a bug or some misconfiguration on the Firesight system?

Using,

Firesight 5.4.1

Firepower 7110 5.4.0

All help is appreciated.

Regards,

Moe Shea

Labels:
0 Helpful
3 Replies 3

yogdhanu
Cisco Employee
Cisco Employee

‎05-30-2016 07:22 AM

Hi

When you says added WLC as a trusted source, have you added a trust rule for that?

I would suggest adding a rule in access control policy with highest priority and action as "trust"  and match the IP address of WLC and test the connectivity.

That should completely bypass inspection from firepower.

Rate if helps.

Yogesh

mo shea
Level 1
Level 1
In response to yogdhanu

‎05-30-2016 08:22 AM

Hello,

Thanks Yogesh for  the feedback. We have done exactly what you have mentioned. We already had this rule existing for another device in our network. We modified the rule to include the ip address of the WLC, and it is already the first rule.

Unfortunately the result is the same. We have had opened a PI TAC case, thinking it was a PI issue, and on the advice of the Cisco Engineer, we physically bypassed the Firepower appliance. Now we have to open another case but for the Firepower instead.

Regards

Moe Shea

0 Helpful

Reginald Pugh
Level 1
Level 1
In response to mo shea

‎03-23-2017 03:55 AM

Hi Moe, was this ever resolved.  Am looking how to integrate Firepower- PI (3.1.5) with the Wireless LAN Controllers  (5520s) in a simple manner that gives good insight to what is happening on the network using Firepower.  Are you at that point? Where the information is being sent to Prime  -Thanks you very much

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card