
FTD Creating a Port channel / Etherchannel - ramifications?

brettp
Level 1

Hello,

We have two FTDs (FPR1140) in an HA pair managed via FMC. Currently, the inside interface is simply one port on each device linking back to a switch. It has been this way for several years -- so the inside interface is referenced everywhere throughout the config (rules, routes, interface zones, groups, etc.). Now, I would like to aggregate two ports on each device, making a new inside interface, which will link back to two Nexus switches via VPC. What are the ramifications of doing this, if any? With how finicky FTDs are, I can just see it in my mind that all sorts of stuff may break. Do any other changes have to be made if I name the port channel "inside" like the current single interface?

Any information is appreciated. Thanks!

2 Replies

Thank you... But ultimately, it's not entirely clear to me what this entails. The link you supplied notes: 

Q. How to migrate from a single port to a Port-Channel?

This change requires a Maintenance Window (MW) and is intrusive. Once you migrate from a single interface to Port-Channel all configuration related to the single interface is disassociated from it. Once you create the Port-Channel there is a need to re-associate the same configuration with the newly configured Port-Channel, for example, NAT, Routing, VPN, and so on.  For FTD there is a note in this document: Configure an EtherChannel 

The subsequent linked page notes: 

Before you begin

  • You cannot add a physical interface to the channel group if you configured a name for it. You must first remove the name.

Note

  • If you are using a physical interface already in your configuration, removing the name will clear any configuration that refers to the interface.

What does "clear any configuration that refers to the interface" mean? Does it mean literally removing the rules, NATs, etc. that reference the name from the config? Does that infer it is removed from FMC? Or does it simply mean the running config on the FTD... Meaning, once I delete the physical "inside" interface... the config is removed from the FTD... then I can create an etherchannel with the name "inside" and re-deploy the existing config from FMC without any modifications? (I think it's the latter, based on what all of this says, but it's still unclear to me... and when this is done, I am not in the position for a startling surprise.)

Thanks. 

 
