Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5818
Views
10
Helpful
11
Replies

FTD 6.2.3 on ASA5506-X - unable to use /31 mask on ipv4 data interface

terje
Level 1
Level 1

‎06-01-2019 10:45 AM

Hi, the FTD software (6.2.3.10) on ASA 5506-X does not seem to support point-to-point (/31) ipv4 subnets. When trying to set my static /31 public ip on the outside interface in FDM the error message "You cannot assign a broadcast address as the IP address of an interface" is raised. A fix would be most appriciated ! 

 

Labels:
0 Helpful
11 Replies 11

balaji.bandi
Hall of Fame
Hall of Fame

‎06-01-2019 01:33 PM

This message is clearly says you can not assign ""You cannot assign a broadcast address as the IP address of an interface"

 

can you please show us more information, what is the exactly IP address you trying to Assign ?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

terje
Level 1
Level 1
In response to balaji.bandi

‎06-02-2019 03:18 AM

Hi, any attempt to assign an ip address with netmask 255.255.255.254 to an interface in FDM will either raise the error message above or "You cannot assign a network address "x.x.x.x/255.255.255.254" as the IP address of an interface" based on whether you are using the first or last address in the point-to-point subnet.  

 

/31 subnets is not a problem on a IOS router or ASA:

 

interface GigabitEthernet1
ip address x.x.x.81 255.255.255.254

 

TB

0 Helpful

Abhijeet Kumar
Level 1
Level 1
In response to terje

‎06-02-2019 04:31 AM

I just tried that on my FPR 2110 and it does work. What's the extact IPv4 address you are entering?

0 Helpful

terje
Level 1
Level 1
In response to Abhijeet Kumar

‎06-02-2019 09:18 AM

I'm using a new ASA5506-X reimaged with FTD and FDM local management (no FMC avail). The smallest subnet possible on the interfaces is /30. If the problem is FDM, could the interface ip be configured from CLI Expert mode ?

 

TB

0 Helpful

terje
Level 1
Level 1
In response to terje

‎06-02-2019 09:37 AM

... and every ip (i.e 10.20.30.40) with 31 bits mask (255.255.255.254) is rejected.

0 Helpful

terje
Level 1
Level 1
In response to Abhijeet Kumar

‎06-11-2019 12:33 AM

Abhijeet- just got confirmed from TAC that the /31 addresses is a restriction on ALL devices running FTD due to limitations in FMC. This feature is planned implemented in a future FTD/FMC vesion. Could you share the running FTD/FMC version on your FPR2110 ?

 

Thanks,

Terje

 
 
 
 
 
 
 
 
0 Helpful

Abhijeet Kumar
Level 1
Level 1
In response to terje

‎06-12-2019 05:09 PM

Please see attached.Capture.PNGCapture1.PNG

terje
Level 1
Level 1

‎05-09-2021 01:57 PM

Update: 

Still no support for /31 mask on interfaces in FTD 6.7.0.1. Tested on a FPR2110

Today upstream providers is consolidating IPv4-space using /31 links which prevents us from using the Firepower NGFW series as WAN/Internet edge devices.

 

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to terje

‎01-24-2022 11:46 AM

Correct - not supported. There's an open ENH bugID:

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvg80765

terje
Level 1
Level 1

‎12-08-2022 03:56 AM

Update - Firepower 1010

Still no support for /31 netmask on routed interfaces in FDM on the latest FTD 7.3.0 !!

 

0 Helpful

terje
Level 1
Level 1

‎10-05-2023 02:40 AM

Update - Firepower 1010 FTD and FDM

A year later and still no support for RFC3021 in FTD 7.3.1.1 !!

Comparable branch devices from Palo Alto and Fortinet supports this. What's taking so long ?

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card