Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4026
Views
5
Helpful
7
Replies

Firepower NGFW 2110 two Trunk/sub-interfaces to core switch?

Go to solution
dan hale
Level 3
Level 3

‎03-28-2018 08:10 PM - edited ‎02-21-2020 07:34 AM

Hi All, I'm replacing a legacy Cisco 3825 ISR that was doing are internal routing and firewall with a Cisco NGFW 2110 using FTD version 6.2.2. at a branch location.

 

It's basically firewall/router on a stick and I have only two Layer 2 2960-X access switches that are stacked together that it would connect to.

 

My question is it possible to create two trunk ports/sub-interfaces on the 2110 and have one port on the 2110 go to one switch and another port go to the second switch?

 

This way if one switch dies I still will be connected to the second switch from the 2110? I would assume that if this is possible that spanning-tree on the 2960-x switches would block one of the uplinks to the 2110.

 

Thanks,

Dan 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Francesco Molino
VIP Alumni
VIP Alumni

‎03-28-2018 08:33 PM

Hi

 

Take a look here is explained.

The answer is yes. You need to configure redundant interfaces, deploy the config and then create sub interfaces on this new logical interface generated after redundant config is deployed.

 

 


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

View solution in original post

7 Replies 7

Go to solution
Francesco Molino
VIP Alumni
VIP Alumni

‎03-28-2018 08:33 PM

Hi

 

Take a look here is explained.

The answer is yes. You need to configure redundant interfaces, deploy the config and then create sub interfaces on this new logical interface generated after redundant config is deployed.

 

 


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

Go to solution
dan hale
Level 3
Level 3
In response to Francesco Molino

‎03-28-2018 09:30 PM

Perfect...thanks!

0 Helpful

Go to solution
Francesco Molino
VIP Alumni
VIP Alumni
In response to dan hale

‎03-29-2018 06:03 AM

You're welcome

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
0 Helpful

Go to solution
dan hale
Level 3
Level 3
In response to Francesco Molino

‎03-29-2018 11:37 AM

An update on this...looks like the 2100,4100, and 9300 do not support redundant interfaces in FTD mode.

 

"• Redundant interfaces are not supported on the Firepower 2100, Firepower 4100/9300 chassis"

 

https://www.cisco.com/c/en/us/td/docs/security/firepower/621/configuration/guide/fpmc-config-guide-v621/interfaces_for_firepower_threat_defense.pdf

 

I imagine if they were in ASA mode they would.

 

Thanks,

Dan

 

 

0 Helpful

Go to solution
Francesco Molino
VIP Alumni
VIP Alumni
In response to dan hale

‎03-29-2018 11:49 AM

Ok my bad, that's why we post the doc to be sure. Redundant interfaces I used them with ASA converted into FTD but never used and didn't get the use case to use them on bigger customer going to FP hardware.

 

 


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
0 Helpful

Go to solution
samuelmaoza80081
Level 1
Level 1

‎09-07-2021 07:12 AM

Hie Guys am trying to configure my 2110 firepower ethernet ports as trunk ports but i do not know where to start? any luck

0 Helpful

Go to solution
Milos_Jovanovic
VIP Alumni
VIP Alumni
In response to samuelmaoza80081

‎09-08-2021 12:00 AM

Hi @samuelmaoza80081,

You can find relenvant information in the config guide.

BR,

Milos

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card