Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1753
Views
0
Helpful
6
Replies

Firepower FTD multiple CCL connected to different Nexus VDCs

BirkJones7747
Level 1
Level 1

‎06-11-2019 01:54 PM - edited ‎02-21-2020 09:12 AM

Hi guys

I have a requirement to separate 5 VRFs into nexus VDCs.While each VDC will host the relevant VRF and terminated on the Firepower FTD.

In regards to the Cluster Control Link, Since the firepower will have specific interfaces into different zones, connected to different VDCs, is it possible also to have multiple cluster control links to each VDC? Does Firepwer support multiple Cluster control links?

Thanks

Jones

0 Helpful
6 Replies 6

Sheraz.Salim
VIP
VIP

‎06-12-2019 01:20 AM

have a look on this document https://www.cisco.com/c/en/us/td/docs/security/firepower/fxos/clustering/ftd-cluster-solution.html

please do not forget to rate.
0 Helpful

BirkJones7747
Level 1
Level 1
In response to Sheraz.Salim

‎06-12-2019 08:37 AM

Hi Sheraz

My question was can you have multiple Cluster control link on the FTD, instead of only one?

Jones

0 Helpful

Sheraz.Salim
VIP
VIP
In response to BirkJones7747

‎06-12-2019 09:12 AM

multiple cluster control link on FTD is not supported. (I might be wrong) have not seen any documentation. unless you have FTD 9300 or 4100 where multi context instance is possible.

please do not forget to rate.
0 Helpful

BirkJones7747
Level 1
Level 1
In response to Sheraz.Salim

‎06-12-2019 11:34 AM

 more question, if you are using different VDCs to connect to the firepower that servers different purposes, would you have a control link that connect to the firepower from those VDCs?

I think its possible to have multiple links  under the cluster control link?

Jones

0 Helpful

Sheraz.Salim
VIP
VIP
In response to BirkJones7747

‎06-12-2019 12:11 PM - edited ‎06-12-2019 12:12 PM

just curious why you want to do this way. Nexus 7k with VDC. let say one VDC is as Core and other VDC as aggression. CCL should be terminated solely on one VDC instead of multiple VDC?  Have you consider doing vPC.

 

as long as if you have a change window or if this is a new setup you can try this multiple CCL.

please do not forget to rate.
0 Helpful

BirkJones7747
Level 1
Level 1
In response to BirkJones7747

‎06-12-2019 01:07 PM

Its a bit different setup. Currently the infrastructure is segregated using VRF that terminates on the firewall, in their respective zone.

There are many zones, like MGMT zone, internal zone, external zone etc....

Each of them have a bunch of subnets under each VRF that terminates on the firewall in their respective zones.

now due to some regulatory requirements, the VRF are going into a VDC.

So at the end, we will have MGMT VDC, where all MGMT and out of band management will be connected,
Internal zone, where all internal subnets and servers will be connected etc....

The VDCs themselves will have connection to the firewall, and its the firewall that will control access between different zones, hence to each of the VDCs.

Now, where to connect the cluster control link in that setup?

Regards

Jones

 

 

 

 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card