10-24-2024 01:19 AM
Hello everybody,
I have to change the gateway of the out-of-band management interface for several
Firewall 3105 running rel. 7.4.2 (FXOS Version: 2.14(1.167)).
I entered:
CTBFP3 /fabric-interconnect # set out-of-band static ip 10.61.96.10 netmask 255.255.255.0 gw 10.61.96.1
Warning: When committed, this change may disconnect the current CLI session.
Use commit-buffer command to commit the changes.
CTBFP3 /fabric-interconnect* #
CTBFP3 /fabric-interconnect* # CTBFP3 /fabric-interconnect # set out-of-band static ip 10.61.96.10 netmask 255.255.255.0 gw 10.61.96.1
Warning: When committed, this change may disconnect the current CLI session.
Use commit-buffer command to commit the changes.
CTBFP3 /fabric-interconnect* #
CTBFP3 /fabric-interconnect* # commit-buffer
Error: Changes not allowed. use: 'connect ftd' to make changes.
CTBFP3 /fabric-interconnect* # connect ftd
> show network
===============[ System Information ]===============
Hostname : CTBFP3.horsch.local
DNS Servers : 10.61.30.101
10.61.30.102
DNS from router : enabled
Management port : 8305
IPv4 Default route
Gateway : 10.61.96.5 (not changed)
How can I realize this change?
Every hint is welcome.
Thanks a lot!
Bye
R.
10-25-2024 06:00 AM - edited 10-25-2024 08:26 AM
Use "sysopt sam 1001 on" in fxos. That will allow you to commit-buffer. Afterwards turn it off.
This is similar to what is shown in this bug: https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwe60267
10-24-2024 02:40 AM
Not a 100% sure, but did you try to change the management interface IP from the FTD CLISH mode ">" with the command "configure network ipv4 manual < IP address > < subnet mask > < default gateway >"?
10-24-2024 11:52 PM
Hi Aref,
I think I have to explain the background of the issue.
The customer gets the following error message in the FMC for 10 devices:
"Cisco Cloud Configuration - Unable to reach Cisco Cloud from the device. Please check the network connection.. Cisco Support Diagnostics Configuration - failure."
(see attached screen dump)
On those devices that do not show this error message, the default gateway for the IP address displayed in the FMC device overview is correct (see the yellow marked addresses in the screen dump). These devices can ping targets in the Internet over the management IP displayed in the FMC.
I have to change the default gateway of these IP addresses, regardless of whether I have to change them in the FXOS or FTD mode.
In the FXOS mode it did not work because the 'commit-buffer' command was not executed (see above).
Now I tried it in the FTD mode:
> show network
===============[ System Information ]===============
Hostname : CTBFP4.horsch.local
DNS Servers : 10.61.30.101
10.61.30.102
DNS from router : enabled
Management port : 8305
IPv4 Default route
Gateway : 10.61.96.5
==================[ management0 ]===================
Admin State : enabled
Admin Speed : sfpDetect
Operation Speed : 1gbps
Link : up
Channels : Management & Events
Mode : Non-Autonegotiation
MDI/MDIX : Auto/MDIX
MTU : 1500
MAC Address : C4:46:06:6D:D8:80
----------------------[ IPv4 ]----------------------
Configuration : Manual
Address : 10.61.96.11
Netmask : 255.255.255.0
Gateway : 10.61.96.5
----------------------[ IPv6 ]----------------------
Configuration : Disabled
===============[ Proxy Information ]================
State : Disabled
Authentication : Disabled
> configure network management-data-interface
client Enter client IP address/network
ddns Configure DDNS settings
disable Disable management-data access
ipv4 Configure IPv4 address
ipv6 Configure IPv6 address
nameif Change the name of the interface
<cr>
> configure network management-data-interface ipv4
default-gw Enter Ipv4 default gateway
dhcp Configure IPv4 management network via DHCP
manual Configure IPv4 manually
> configure network management-data-interface ipv4 manual
IP address AAA.BBB.CCC.DDD where each part is in the range 0-255 Enter valid IPv4 address
> configure network management-data-interface ipv4 manual 10.61.96.11
IP address AAA.BBB.CCC.DDD where each part is in the range 0-255 Enter valid IPv4 netmask
> configure network management-data-interface ipv4 manual 10.61.96.11 255.255.255.0
default-gw Enter default gateway ( optional )
interface Enter interface id
> configure network management-data-interface ipv4 manual 10.61.96.11 255.255.255.0 default-gw 10.61.96.1
interface Enter interface id
> configure network management-data-interface ipv4 manual 10.61.96.11 255.255.255.0 default-gw 10.61.96.1 interface Management
Error: The interface: Management is not configured with remote management
Does this mean I cannot change the Default Gateway of the Management interface in an SSH session?
The main question is:
How can I change the Default Gateway of IP addresses that are displayed for the devices in the FMC Device Overview?
Thanks a lot!
Bye
R.
10-24-2024 05:18 AM
10-25-2024 01:27 AM
Hi. In this case you would need to change the management IP on those devices as well as in the FMC. Please check this link for guidance:
Change the Management Interface IP Address on FTD Managed by FMC - Cisco
Also please note that the command you used on the FTD CLISH is not the correct command. The command you should use is as follows:
"configure network ipv4 manual 10.61.96.10 255.255.255.0 10.61.96.1"
The command you used "configure network management-data-interface ..." allows sending the management traffic over a data interface, but this is not the case here.
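A check that can be run over saved `show network` output from each device to confirm that the gateway change took effect (an added example, not part of the original thread or of Cisco tooling; the sample text is constructed from the output quoted above, and the function names are hypothetical):

```python
import ipaddress
import re
# Constructed sample, trimmed from the `show network` output quoted in the thread.
SAMPLE = """\
===============[ System Information ]===============
IPv4 Default route
Gateway : 10.61.96.5
==================[ management0 ]===================
MAC Address : C4:46:06:6D:D8:80
----------------------[ IPv4 ]----------------------
Address : 10.61.96.11
Netmask : 255.255.255.0
Gateway : 10.61.96.5
----------------------[ IPv6 ]----------------------
Configuration : Disabled
"""

HEADER = re.compile(r"^([=-])\1+\[\s*(.+?)\s*\]\1+$")

def parse_show_network(text):
    """Return {section path: {key: value}}; '-' headers nest under the last '=' header."""
    sections, top, path = {}, "", ""
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            top = m.group(2) if m.group(1) == "=" else top
            path = top if m.group(1) == "=" else f"{top}/{m.group(2)}"
        elif ":" in line and path:
            key, _, value = line.partition(":")  # split on the first colon only
            sections.setdefault(path, {})[key.strip()] = value.strip()
    return sections

def audit_gateway(text, expected_gw):
    """Return findings for the management gateway; an empty list means consistent."""
    s = parse_show_network(text)
    v4 = s.get("management0/IPv4", {})  # assumes the section name shown on the page
    if "Address" not in v4 or "Netmask" not in v4:
        return ["management0 IPv4 block not found"]
    findings = []
    checks = (("default route", s.get("System Information", {}).get("Gateway")),
              ("management0", v4.get("Gateway")))
    for label, gw in checks:
        if gw != expected_gw:
            findings.append(f"{label} gateway is {gw}, expected {expected_gw}")
    net = ipaddress.ip_interface(f"{v4['Address']}/{v4['Netmask']}").network
    if ipaddress.ip_address(expected_gw) not in net:
        findings.append(f"{expected_gw} is outside {net}")
    return findings
```

Run against the sample with the intended gateway 10.61.96.1, it reports both the default route and the management0 block as still pointing at 10.61.96.5.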