
FTD 6.2.3 on ASA5506-X - unable to use /31 mask on ipv4 data interface

terje
Level 1

Hi, the FTD software (6.2.3.10) on ASA 5506-X does not seem to support point-to-point (/31) ipv4 subnets. When trying to set my static /31 public ip on the outside interface in FDM the error message "You cannot assign a broadcast address as the IP address of an interface" is raised. A fix would be most appreciated!

 

11 Replies

balaji.bandi
Hall of Fame

This message clearly says "You cannot assign a broadcast address as the IP address of an interface".

Can you please show us more information? What is the exact IP address you are trying to assign?

BB


Hi, any attempt to assign an ip address with netmask 255.255.255.254 to an interface in FDM will either raise the error message above or "You cannot assign a network address "x.x.x.x/255.255.255.254" as the IP address of an interface" based on whether you are using the first or last address in the point-to-point subnet.  

 

/31 subnets are not a problem on an IOS router or ASA:

 

interface GigabitEthernet1
ip address x.x.x.81 255.255.255.254

 

TB
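The two rejections reported above are what a validator produces when it treats the first and last address of every subnet as network and broadcast. The sketch below is an added example, not code from any poster or from Cisco; it contrasts that rule with an RFC 3021-aware one, and the function names and shortened result strings are hypothetical.

```python
import ipaddress


def classic_check(addr: str, mask: str) -> str:
    """Pre-RFC 3021 rule: first address = network, last = broadcast, always."""
    iface = ipaddress.ip_interface(f"{addr}/{mask}")
    net = iface.network
    if iface.ip == net.network_address:
        return "rejected: network address"
    if iface.ip == net.broadcast_address:
        return "rejected: broadcast address"
    return "ok"


def rfc3021_check(addr: str, mask: str) -> str:
    """Same rule, except that /31 (and /32) has no network/broadcast address."""
    iface = ipaddress.ip_interface(f"{addr}/{mask}")
    if iface.network.prefixlen >= 31:
        # RFC 3021: on a /31 point-to-point link both addresses are hosts.
        # A /32 is a single host address and is accepted for the same reason.
        return "ok"
    return classic_check(addr, mask)


# Constructed sample inputs; 10.20.30.40 is the example address from the thread.
SAMPLES = [
    ("10.20.30.40", "255.255.255.254"),  # first address of the /31
    ("10.20.30.41", "255.255.255.254"),  # last address of the /31
    ("10.20.30.41", "255.255.255.252"),  # ordinary host in a /30
    ("10.20.30.43", "255.255.255.252"),  # real broadcast of the /30
]


def run_samples():
    """Return (address, mask, classic result, RFC 3021 result) per sample."""
    return [(a, m, classic_check(a, m), rfc3021_check(a, m)) for a, m in SAMPLES]


if __name__ == "__main__":
    for addr, mask, old, new in run_samples():
        print(f"{addr}/{mask}: classic={old!r} rfc3021={new!r}")
```
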

I just tried that on my FPR 2110 and it does work. What's the exact IPv4 address you are entering?

I'm using a new ASA5506-X reimaged with FTD and FDM local management (no FMC avail). The smallest subnet possible on the interfaces is /30. If the problem is FDM, could the interface ip be configured from CLI Expert mode ?

 

TB

... and every ip (i.e 10.20.30.40) with 31 bits mask (255.255.255.254) is rejected.

Abhijeet - just got confirmation from TAC that /31 addressing is a restriction on ALL devices running FTD due to limitations in FMC. This feature is planned to be implemented in a future FTD/FMC version. Could you share the running FTD/FMC version on your FPR2110?

 

Thanks,

Terje


Please see attached. (Attachments: Capture.PNG, Capture1.PNG)

terje
Level 1

Update: 

Still no support for /31 mask on interfaces in FTD 6.7.0.1. Tested on a FPR2110

Today upstream providers are consolidating IPv4 space using /31 links, which prevents us from using the Firepower NGFW series as WAN/Internet edge devices.

 

Correct - not supported. There's an open ENH bugID:

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvg80765

terje
Level 1

Update - Firepower 1010

Still no support for /31 netmask on routed interfaces in FDM on the latest FTD 7.3.0 !!

 

terje
Level 1

Update - Firepower 1010 FTD and FDM

A year later and still no support for RFC3021 in FTD 7.3.1.1 !!

Comparable branch devices from Palo Alto and Fortinet support this. What's taking so long?
