Solved: Firepower4100 ASA, is it possible not occupying a data interface for ASA management?

fraserC · ‎05-04-2018

FPR 4100 comes with 8x10G SPF network module. via Quick start Guide, it needs to assgin a one of these 8 ports for ASA management. It is too expensive if only for mgmt access.

I may configure inside interface to allow mgmt HTTP/SSH access. However I am not able to release the assigned asa mgmt port via FDM. Is it possible to save this port for data?

fraserC · ‎07-17-2018

Confirmed with Cisco that it is true on FP4100 you have to assign a data port as dedicated ASA management interface. FP2100 is different, it shares the chassis MGT interface for ASA management.

View solution in original post

Dennis Mink · ‎05-05-2018

the quick start guide only seems to suggest using these ports when you set upo a port channel. only then do you need to choose between managament and data.

if you just use the management port for management and you have no need to add a port channel for management, you can use the 8 sfps for data.

Please remember to rate useful posts, by clicking on the stars below.

Marius Gunnerud · ‎05-06-2018

If you are running ASA on the FP4100 then no you do not need to dedicate a port for management. If this is FP4100 running FTD then yes you need to have a dedicated management port.

--
Please remember to select a correct answer and rate helpful posts

fraserC · ‎07-17-2018

Confirmed with Cisco that it is true on FP4100 you have to assign a data port as dedicated ASA management interface. FP2100 is different, it shares the chassis MGT interface for ASA management.

Marvin Rhoads · ‎07-17-2018

That's correct. Thanks for confirming the TAC feedback.