Solved: FMC 4600 Version 6.7.0 Etherchannel Configuration

TW80CJ5 · ‎12-14-2020

Hello All,

We have an FMC 4600 Version 6.7.0 that manages all of our ASA SFR's in Production. We are wanting to build a two port port channel on the FMC and are not having much luck. I see articles about that it is capable, but there are no configuration guides. The GUI doesnt really help much and figured that we would have to use the Linux CLI.

Any ideas or suggestions are welcomed!

Marvin Rhoads · ‎12-16-2020

A Firepower Management Center (FMC) appliance itself does not support Etherchannel for its own (FMC appliance) interfaces. No way, no how, not now (as of version 6.7).

You use Firepower Chassis Manager (FCM) to create Etherchannel interfaces on Firepower 4100 and 9300 series devices. Once created they can be assigned to and used by the FTD logical device(s) running on that hardware.

FMC can create and configure Etherchannel interfaces on managed Firepower 1000 and 2100 series devices running FTD software. It can also configure Etherchannels (created in FCM) on managed Firepower 4100 and 9300 series devices running FTD software.

View solution in original post

balaji.bandi · ‎12-14-2020

have you tried below :

https://www.cisco.com/c/en/us/support/docs/security/firepower-ngfw/215351-configure-verify-and-troubleshoot-port.html#anc25

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Marvin Rhoads · ‎12-15-2020

The FMC appliance itself does not support connection to the network via portchannel.

FMC can create Etherchannel interfaces on managed FTD 1000 and 2100 series devices. Firepower 4100 and 9300 series devices must first create the Etherchannel using Firepower Chassis Manager.

For managed ASA Firepower service modules, all interface configuration is done on the parent ASA via ASA cli (or ASDM).

TW80CJ5 · ‎12-15-2020

Good Morning Marvin,

Are you saying we can use the FirePower Chassis Manager to create the Etherchannel? And if we are successful in creating it the Etherchannel, we wont be able to use if for our network connection???

Thanks for the information!

Marvin Rhoads · ‎12-16-2020

A Firepower Management Center (FMC) appliance itself does not support Etherchannel for its own (FMC appliance) interfaces. No way, no how, not now (as of version 6.7).

You use Firepower Chassis Manager (FCM) to create Etherchannel interfaces on Firepower 4100 and 9300 series devices. Once created they can be assigned to and used by the FTD logical device(s) running on that hardware.

FMC can create and configure Etherchannel interfaces on managed Firepower 1000 and 2100 series devices running FTD software. It can also configure Etherchannels (created in FCM) on managed Firepower 4100 and 9300 series devices running FTD software.

TW80CJ5 · ‎12-16-2020

Well darn...

Its stinks that Cisco builds a NGFW Database Appliance at a cost of $75k+ that doesnt support etherchannel.

I guess aI will keep my fingers crossed for a future release that incorporates that feature...

Thank you for a great answer / explanation.

Marvin Rhoads · ‎12-17-2020

Unfortunately the only high availability solution for FMC (currently) is to have a second appliance in HA configuration.

If throughput is the concern, you can use the multiple interfaces with separate routes for each one.