Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2034
Views
0
Helpful
4
Replies

FS4000 interface bonding

Go to solution
Matthias Jeker
Level 1
Level 1

‎03-25-2015 06:57 AM - edited ‎03-12-2019 05:38 AM

Hi all

I have a FireSIGHT 4000 mgmt appliance. Anyone knows how to configure a bond (ether-channel) to this appliance? Currently there is not much documentation on the cisco site.

 

Regards

Matthias

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
atatistc
Cisco Employee
Cisco Employee

‎03-25-2015 02:33 PM

Never heard of trying to do an ether-channel to the management interface of a Defense Center (FSMC).  It's a 1Gb port and while there are two, the purpose of using the second one is to allow splitting up web UI management and event traffic - not to double the throughput of the management interface.  The bottom line is ether-channel is not available on management devices. <-- Correcting myself, you actually can increase the throughput/redundancy of the management connection in v 5.4 by using the second interface. (still don't think ether-channel is supported though)

View solution in original post

0 Helpful

Go to solution
atatistc
Cisco Employee
Cisco Employee
In response to Matthias Jeker

‎03-25-2015 03:37 PM

The answer to the redundancy question is to get a second Defense Center and configure a High Availability pair.  Generally, protecting against failure in the management network is not a need we see while recovering from failure of the entire device/datacenter is a more common requirement.

Events are queued on the device(s) in case of a failure in the management connection to the Defense Center.

That being said, with version 5.4 there are several options for configuring the eh0 and eth1 management interfaces.  You can split up management and event traffic or use both of them to process management and event traffic.  This allows for faster event rates as well as redundancy.  My advice is to look in the help or the FireSIGHT System User Guide and search for "management interfaces" you will find several pages there with diagrams on how the various traffic channels can be used. 

View solution in original post

0 Helpful
4 Replies 4

Go to solution
atatistc
Cisco Employee
Cisco Employee

‎03-25-2015 02:33 PM

Never heard of trying to do an ether-channel to the management interface of a Defense Center (FSMC).  It's a 1Gb port and while there are two, the purpose of using the second one is to allow splitting up web UI management and event traffic - not to double the throughput of the management interface.  The bottom line is ether-channel is not available on management devices. <-- Correcting myself, you actually can increase the throughput/redundancy of the management connection in v 5.4 by using the second interface. (still don't think ether-channel is supported though)

0 Helpful

Go to solution
Matthias Jeker
Level 1
Level 1
In response to atatistc

‎03-25-2015 02:33 PM

This is frustrating, isn't it? The customer bought a mgmt appliance for 100k and in case of a link failure he loses the ability to collect data?:/ Maybe there is any buffer or something like that on the modules it self? Couldn't find it in the documentation.

I configured it manually in the underlying Linux. It works without any problems (the FSMC doesn't recognize the bond interface in the GUI but that doesn't matter).

Maybe I will go with the recommended solution and just split the mgmt and even traffic. Or is it possible to enable the mgmt and the event traffic on both interfaces to have some kind of redundancy?

0 Helpful

Go to solution
atatistc
Cisco Employee
Cisco Employee
In response to Matthias Jeker

‎03-25-2015 03:37 PM

The answer to the redundancy question is to get a second Defense Center and configure a High Availability pair.  Generally, protecting against failure in the management network is not a need we see while recovering from failure of the entire device/datacenter is a more common requirement.

Events are queued on the device(s) in case of a failure in the management connection to the Defense Center.

That being said, with version 5.4 there are several options for configuring the eh0 and eth1 management interfaces.  You can split up management and event traffic or use both of them to process management and event traffic.  This allows for faster event rates as well as redundancy.  My advice is to look in the help or the FireSIGHT System User Guide and search for "management interfaces" you will find several pages there with diagrams on how the various traffic channels can be used. 

0 Helpful

Go to solution
Matthias Jeker
Level 1
Level 1
In response to atatistc

‎03-26-2015 03:17 AM

Thanks a lot for your help and the clarifications. We currently have two FS4000 appliances for redundancy. I just wanted to have some link redundancy to prevent from a failover in case of a link failure.

 

I configured it in the following manner:

eth0 -> Events only address x.x.x.x

eth1 -> Mgmt only address y.y.y.y

 

When i pull off eth0 -> both addresses stops from responding (if I do an "ifup eth0" then the address y.y.y.y starts responding. I have no idea how to configure it for failover, loadsharing. It just doesn't work for me. Please not that this is a fresh box (no changes before I tried this).

When i pull off eth1 -> address x.x.x.x stops from responding, address y.y.y.y is reachable

 

 

Thanks again for your helpful answers. I really appreciate that!

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card