Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
cancel
Start a conversation
5194
Views
0
Helpful
1
Replies

Firepower Inline interfaces in VLAN

dhr.tech1
Spotlight
Spotlight

ā€Ž07-04-2016 06:26 AM - edited ā€Ž03-10-2019 06:38 AM

Hi All,

I just need to confirm if Cisco Firepower Interfaces configured in inline group can be configured and paired as sub interfaces and then mapped to the zones or I need to map physical interfaces only for inline interfaces ?

======================

Current : S1, S2 - > Inline Pair

Required : S1.1, S2.1 ( VLAN100) - > Inline Pair

Required : S1.2, S2.2 (VLAN 200) -> Inline Pair

========================

My main objective is create access policies based on the specific VLAN rather than complete physical interfaces.

Thank you in advance.

Br,

Dhruv 

1 person had this problem
Labels:
0 Helpful
1 Reply 1

dhr.tech1
Spotlight
Spotlight

ā€Ž07-04-2016 06:46 AM

Hi All,

I went through below link and it describes how we can create sub interfaces and how we could use them when configuring our IPS in route mode and transparent mode interfaces. But I want to configure them in Inline mode. Please help.

http://www.cisco.com/c/en/us/td/docs/security/firepower/601/configuration/guide/fpmc-config-guide-v601/fpmc-config-guide-v601_chapter_01101011.html#task_4FA3FC2F83774196A854661C2C85D434

============================================================

Configure VLAN Subinterfaces and 802.1Q Trunking

Smart License

Classic License

Supported Devices

Supported Domains

Access

Any

N/A

Firepower Threat Defense

Any

Access Admin
Administrator
Network Admin

VLAN subinterfaces let you divide a physical, redundant, or EtherChannel interface into multiple logical interfaces that are tagged with different VLAN IDs. An interface with one or more VLAN subinterfaces is automatically configured as an 802.1Q trunk. Because VLANs allow you to keep traffic separate on a given physical interface, you can increase the number of interfaces available to your network without adding additional physical interfaces or devices.

Before You Begin

Preventing untagged packets on the physical interfaceā€”If you use subinterfaces, you typically do not also want the physical interface to pass traffic, because the physical interface passes untagged packets. This property is also true for the active physical interface in a redundant interface pair and for EtherChannel links. Because the physical, redundant, or EtherChannel interface must be enabled for the subinterface to pass traffic, ensure that the physical, redundant, or EtherChannel interface does not pass traffic by not naming the interface. If you want to let the physical, redundant, or EtherChannel interface pass untagged packets, you can name the interface as usual.

Procedure
    Step 1   Select Devices > Device Management and click the edit icon () for your Firepower Threat Defense device. The Interfaces tab is selected by default.
    Step 2   Click Add Interfaces > Sub Interface.
    Step 3   On the General tab, set the following parameters:
    1. Interfaceā€”Choose the physical, redundant, or port-channel interface to which you want to add the subinterface.
    2. Sub-Interface IDā€”Enter the subinterface ID as an integer between 1 and 4294967295. The number of subinterfaces allowed depends on your platform. You cannot change the ID after you set it.
    3. VLAN IDā€”Enter the VLAN ID between 1 and 4094 that will be used to tag the packets on this subinterface.
    Step 4   Click OK.
    Step 5   Click Save.

    You can now click Deploy and deploy the policy to assigned devices. The changes are not active until you deploy them.
    Step 6   Configure the routed or transparent mode interface parameters. See Configure Routed Mode Interfaces or Configure Transparent Mode Interfaces.
    0 Helpful
    Customers Also Viewed These Support Documents
    Review Cisco Networking for a $25 gift card