
FTD 3105: Cannot change the gateway (commit-buffer does not work)

swscco001
Level 3

Hello everybody,

I have to change the gateway of the out-of-band management interface for several
Firewall 3105 running rel. 7.4.2 (FXOS Version: 2.14(1.167)).

I entered:

CTBFP3 /fabric-interconnect # set out-of-band static ip 10.61.96.10 netmask 255.255.255.0 gw 10.61.96.1
Warning: When committed, this change may disconnect the current CLI session.
Use commit-buffer command to commit the changes.
CTBFP3 /fabric-interconnect* #

CTBFP3 /fabric-interconnect* # CTBFP3 /fabric-interconnect # set out-of-band static ip 10.61.96.10 netmask 255.255.255.0 gw 10.61.96.1
Warning: When committed, this change may disconnect the current CLI session.
Use commit-buffer command to commit the changes.
CTBFP3 /fabric-interconnect* #

CTBFP3 /fabric-interconnect* # commit-buffer
Error: Changes not allowed. use: 'connect ftd' to make changes.

CTBFP3 /fabric-interconnect* # connect ftd
> show network
===============[ System Information ]===============
Hostname                  : CTBFP3.horsch.local
DNS Servers               : 10.61.30.101
                            10.61.30.102
DNS from router           : enabled
Management port           : 8305
IPv4 Default route
  Gateway                 : 10.61.96.5                (not changed)

How can I realize this change?

Every hint is welcome.

Thanks a lot!




Bye
R.

Accepted Solution

Marvin Rhoads
Hall of Fame

Use "sysopt sam 1001 on" in fxos. That will allow you to commit-buffer. Afterwards turn it off.

This is similar to what is shown in this bug: https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwe60267

5 Replies

Not 100% sure, but did you try to change the management interface IP from the FTD CLISH mode ">" with the command "configure network ipv4 manual < IP address > < subnet mask > < default gateway >"?

Hi Aref,

I think I have to explain the background of the issue.

The customer gets the following error message in the FMC for 10 devices:
"Cisco Cloud Configuration - Unable to reach Cisco Cloud from the device. Please check the network connection.. Cisco Support Diagnostics Configuration - failure."
(see attached screen dump)

On those devices that do not show this error message, the default gateway for the IP address displayed in the FMC device overview is correct (see the yellow-marked addresses in the screen dump). These devices can ping targets on the Internet over the management IP displayed in the FMC.

I have to change the default gateway of these IP addresses, regardless of whether I have to change them in the FXOS or FTD mode.

In the FXOS mode it did not work because the 'commit-buffer' command was not executed (see above).

Now I tried it in the FTD mode:

> show network
===============[ System Information ]===============
Hostname                  : CTBFP4.horsch.local
DNS Servers               : 10.61.30.101
                            10.61.30.102
DNS from router           : enabled
Management port           : 8305
IPv4 Default route
  Gateway                 : 10.61.96.5

==================[ management0 ]===================
Admin State               : enabled
Admin Speed               : sfpDetect
Operation Speed           : 1gbps
Link                      : up
Channels                  : Management & Events
Mode                      : Non-Autonegotiation
MDI/MDIX                  : Auto/MDIX
MTU                       : 1500
MAC Address               : C4:46:06:6D:D8:80
----------------------[ IPv4 ]----------------------
Configuration             : Manual
Address                   : 10.61.96.11
Netmask                   : 255.255.255.0
Gateway                   : 10.61.96.5
----------------------[ IPv6 ]----------------------
Configuration             : Disabled

===============[ Proxy Information ]================
State                     : Disabled
Authentication            : Disabled




> configure network management-data-interface
  client   Enter client IP address/network
  ddns     Configure DDNS settings
  disable  Disable management-data access
  ipv4     Configure IPv4 address
  ipv6     Configure IPv6 address
  nameif   Change the name of the interface
  <cr>

> configure network management-data-interface ipv4
  default-gw  Enter Ipv4 default gateway
  dhcp        Configure IPv4 management network via DHCP
  manual      Configure IPv4 manually

> configure network management-data-interface ipv4 manual
  IP address AAA.BBB.CCC.DDD where each part is in the range 0-255  Enter valid IPv4 address

> configure network management-data-interface ipv4 manual 10.61.96.11
  IP address AAA.BBB.CCC.DDD where each part is in the range 0-255  Enter valid IPv4 netmask

> configure network management-data-interface ipv4 manual 10.61.96.11 255.255.255.0

  default-gw  Enter default gateway ( optional )
  interface   Enter interface id

> configure network management-data-interface ipv4 manual 10.61.96.11 255.255.255.0 default-gw 10.61.96.1
  interface  Enter interface id

> configure network management-data-interface ipv4 manual 10.61.96.11 255.255.255.0 default-gw 10.61.96.1 interface Management

Error: The interface: Management is not configured with remote management

Does this mean I cannot change the Default Gateway of the Management interface in an SSH session?

The main question is:
How can I change the Default Gateway of IP addresses that are displayed for the devices in the FMC Device Overview?

Thanks a lot!



Bye
R.

Hi. In this case you would need to change the management IP on those devices as well as in the FMC. Please check this link for guidance:

Change the Management Interface IP Address on FTD Managed by FMC - Cisco

Also please note that the command you used on the FTD CLISH is not the correct command. The command you should use is as follows:

"configure network ipv4 manual 10.61.96.10 255.255.255.0 10.61.96.1"

The command you used "configure network management-data-interface ..." allows sending the management traffic over a data interface, but this is not the case here.
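An added example, not part of any post in this thread: a Python sketch that parses saved `show network` output, checks the management0 IPv4 gateway against the intended one, and returns the `configure network ipv4 manual` command line in the form quoted in the reply above for operator review. The sample text is constructed from the output shown in the thread; the function names and the `expected_gw` parameter are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample, modeled on the `show network` output quoted in the thread.
SAMPLE_SHOW_NETWORK = """\
===============[ System Information ]===============
IPv4 Default route
  Gateway                 : 10.61.96.5

==================[ management0 ]===================
MAC Address               : C4:46:06:6D:D8:80
----------------------[ IPv4 ]----------------------
Address                   : 10.61.96.11
Netmask                   : 255.255.255.0
Gateway                   : 10.61.96.5
"""
SECTION = re.compile(r"^[=-]+\[\s*(.+?)\s*\][=-]+$")

def parse_show_network(text):
    """Return {"management0/IPv4": {"Address": ...}, ...} keyed by section path."""
    sections, top, current = {}, None, None
    for line in text.splitlines():
        m = SECTION.match(line.strip())
        if m:
            if line.lstrip().startswith("="):   # "=" banner opens a section
                top = current = m.group(1)
            else:                               # "-" banner opens a subsection of it
                current = f"{top}/{m.group(1)}"
            sections.setdefault(current, {})
            continue
        key, sep, value = line.partition(":")   # first colon separates key and value
        if sep and current and value.strip():
            sections[current].setdefault(key.strip(), value.strip())
    return sections

def audit_gateway(text, expected_gw):
    """Compare the management0 IPv4 gateway with expected_gw (hypothetical input)."""
    ipv4 = parse_show_network(text).get("management0/IPv4", {})
    addr, mask, gw = (ipv4.get(k) for k in ("Address", "Netmask", "Gateway"))
    if not (addr and mask and gw):
        return {"status": "unparsed", "command": None}
    network = ipaddress.ip_interface(f"{addr}/{mask}").network
    expected = ipaddress.ip_address(expected_gw)
    if expected not in network:  # the intended gateway must be on the management subnet
        return {"status": "expected-gateway-off-subnet", "command": None}
    if ipaddress.ip_address(gw) == expected:
        return {"status": "ok", "command": None}
    # Command form quoted in the reply above; returned for review, never executed here.
    return {"status": "mismatch", "current": gw,
            "command": f"configure network ipv4 manual {addr} {mask} {expected}"}
```

Running `audit_gateway` over the saved output of each affected device gives a per-device list of which ones still point at the old gateway before any change is made on the device or in the FMC.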
