Re: FMC Device Interface Duplex and Speed configs can not be changed

telesymbol · ‎07-23-2022

Hi All,

we just got some issues and reinstall FMC and restore backup and add 2 x 2130 FTDs with HA, but we can not change device interface duplex and speed configs.

Error is attached and please advise.

regards

Kasun Bandara · ‎07-23-2022

seems like you are hitting BUG https://bst.cisco.com/bugsearch/bug/CSCvq01485

Symptom: After ASA to FTD migration, use the FMC to edit the FTD SFP physical interface configuration. The hardware configuration tab is greyed out with Duplex and Speed showing auto. Click OK on the box and get an error similar to the following: "Interface update failed. The Interface auto does not support the speed Ethernet1/13 Duplex cannot be set to auto"

Conditions: Use Firepower Migration Tool to migrate ASA configuration to FTD and map target interface to FPR2100/FPR1XXX SFP interface

Workaround: Navigate to this location in order to get access to the REST-API explorer on FMC on your web-browser: 1. Open this link on your web-browser accordingly in order to get access to the FMC's REST-API GUI: "https://FMC_IP/api/api-explorer"

2. Navigate to "Devices" and select the "GET" option listed on this link: /api/fmc_config/v1/domain//devices/devicerecords

3. Hit once again on the "GET" option and collect the response text listed. Store the id of the affected FTD device just like this: "id": "4e97cfa2-fe64-11e8-b9b6-c285516be9fa", This will be the containerUUID.

4. Scroll down on the REST API options for "Devices" and enter the containerUUID that was collected on point 3 in the text box listed as "Container UUID".

5. Find the following path : /api/fmc_config/v1/domain/e276abec-e0f2-11e3-8169-6d9ed49b625f/devices/devicerecords/{containerUUID}/physicalinterfaces Example: /api/fmc_config/v1/domain/e276abec-e0f2-11e3-8169-6d9ed49b625f/devices/devicerecords/4e97cfa2-fe64-11e8-b9b6-c285516be9fa/physicalinterfaces

6. Hit once again the "GET" to find the "objectId" for all "physicalinterfaces" on the device / containerUUID. Example: /api/fmc_config/v1/domain/e276abec-e0f2-11e3-8169-6d9ed49b625f/devices/devicerecords/4e97cfa2-fe64-11e8-b9b6-c285516be9fa/physicalinterfaces

7. Find the affected interface and collect the id value linked to it. This is an example: "type": "PhysicalInterface", "name": "Ethernet1/13", "id": "005056BB-B8BE-0ed3-0000-154618831518"

8. Finally, add these values to the affected interface "objectId" that you obtained on point 7 and push that configuration using the "PUT" option. Please notice that we will need to add/modify the speed and duplex configuration accordingly. This is an example only: { "type": "PhysicalInterface", "hardware": { "speed": "THOUSAND", "duplex": "FULL" }, "mode": "NONE", "managementOnly": false, "MTU": 1500, "enabled": true, "name": "Ethernet1/13", "id": "005056BB-B8BE-0ed3-0000-154618831518" }

9. Confirm on FMC-GUI that you can edit the speed/duplex configuration and perform a deployment.

Please rate this and mark as solution/answer, if this resolved your issue
Good luck
KB

telesymbol · ‎07-23-2022

I copied the container UUID, as per attached picture but don't understand Step 4 (like where to go)

on FMC Task status it's shown "High availability configuration is being enabled on secondary device" for more than 4 hours. could this be the issue ?

and my FMC current version is 7.0.1, what if I upgrade the FMC to 7.0.2, does this resolve the issue ?

Kasun Bandara · ‎07-24-2022

you can try that. bug report pointed to Firepower NGFW recently. also better open a TAC for get more support since this is some specific issue.

Please rate this and mark as solution/answer, if this resolved your issue
Good luck
KB