
Firepower - BVI with port channel sub interface

andy-tf-fung
Level 1

Hi community,

We want to deploy a Firepower 3105 (version 7.3.1) to bridge two VLANs (119 & 191) on the distribution switch and allow the two networks to communicate with the same subnet, as follows:

andytffung_1-1731194190691.png

We have run the following tests with 10.127.190.11 and 10.127.190.42 pinging each other:
1. [success]
    a. 10.127.190.11 connected to FTD 1/1 directly
    b. 10.127.190.42 connected to FTD 1/2 directly
    c. FTD 1/1 & 1/2 run BVI
2. [fail]
    a. 10.127.190.11 connected to a switchport configured as an access port in VLAN 191
    b. 10.127.190.42 connected to a switchport configured as an access port in VLAN 119
    c. FTD 1/1 connected to a switchport configured as an access port in VLAN 191
    d. FTD 1/2 connected to a switchport configured as an access port in VLAN 119
    e. FTD 1/1 & 1/2 run BVI
3. [fail]
    a. 10.127.190.11 connected to a switchport configured as an access port in VLAN 191
    b. 10.127.190.42 connected to a switchport configured as an access port in VLAN 119
    c. switch and FTD connected with a port channel
    d. switch port channel trunks VLANs 191 & 119
    e. FTD 1/1 & 1/2 run the port channel
    f. FTD port channel has sub interfaces 191 & 119
    g. FTD port-channel.119 and port-channel.191 run BVI

Port channel

andytffung_0-1731197076843.png

andytffung_1-1731197109986.png

Sub interface 119

andytffung_2-1731197144088.png

Sub interface 191

andytffung_3-1731197175992.png

BVI

andytffung_4-1731197216369.png

Do you use FW HA or a standalone FW?

MHM

balaji.bandi
Hall of Fame

Are you using FDM or FMC, and what mode is the FTD running in? Check the limitations and see if this is feasible:

https://www.cisco.com/c/en/us/td/docs/security/secure-firewall/management-center/device-config/730/management-center-device-config-73/device-ops-tfw.html?bookSearch=true

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

andy-tf-fung
Level 1

We are using FMC, the FTD is running in transparent mode, and the FW is in HA.

From the command level, can you post the information below:

show port-channel summary
show interface ip brief
show interface Port-channel1 detail



BB


andy-tf-fung
Level 1

Hi all,

Thanks a lot for your help. Maybe I can simplify the design, since my issue is more about bridging two different VLANs with the same IP subnet.

andytffung_0-1731316680193.png

Interface
andytffung_2-1731316757367.png

BVI

andytffung_3-1731316800030.png