Solved: FTD Multi-Instance Container Inter-Chassis Cluster 4115 and FMC1600

dbotelhosybistech · ‎01-20-2022

1). I am migrating ASA with 7 contexts to FTD. Attached is the 4115 Chassis Manager Interface screen. I would like multiple instances to share the same port channel with different VLANS. Once I associate an Instance with a portchannel, that interface is no longer available for assignment. The documentation is contradicting and says that with that 4100's not to use subinterfaces in FXOS. How do I accomplish this?

2) I also attached a screenshot of 2 Instances I created. the first one FMC1-A is configured as a cluster and I am unable to register it with FMC.

FMC1-B is configured as Standalone and I am able to register it. I included FTD`-B's screenshot of the interface config screen in FMC. Where do I assign subinterfaces, FXOS or FMC?

4115 with FXOS 2.11 and FTD 7.01 and FMC 7.01

Marvin Rhoads · ‎01-22-2022

"Shared interfaces are not supported for bridge group member interfaces (in transparent mode or routed mode), inline sets, passive interfaces, clusters, or failover links."

https://www.cisco.com/c/en/us/td/docs/security/firepower/fxos/2111/web-guide/b_GUI_FXOS_ConfigGuide_2111/interface_management.html#id_20107

View solution in original post

Francesco Molino · ‎01-20-2022

Hi

once you created your port-channel, you can create sub-interfaces on Chassis Manager and attach each of them to the each instances.

You can see it in that documentation as supported:

https://www.cisco.com/c/en/us/td/docs/security/firepower/fxos/fxos241/web-guide/b_GUI_FXOS_ConfigGuide_241/interface_management.html

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

Marvin Rhoads · ‎01-21-2022

If you want an interface to be available for multiple container instances, specify that it is "data-sharing" type when creating it:

FCM - configure data sharing interface

Reference:

https://www.cisco.com/c/en/us/td/docs/security/firepower/fxos/2111/web-guide/b_GUI_FXOS_ConfigGuide_2111/interface_management.html#id_20107

To change it after it's already been associated you will need to first disassociate it from the logical device and then modify it.

dbotelhosybistech · ‎01-21-2022

Port-Channels configured as data-sharing do not appear when configuring an FTD Cluster Instance. Could you take a screenshot of this configured?

dbotelhosybistech · ‎01-21-2022

I'm confused, in this post you say to assign subinterfaces in FMC but above you are saying to configure subinterfaces in Firepower Chassis manager.

https://community.cisco.com/t5/network-security/vlan-sub-interface-unassignable-during-ftd-container-creation/td-p/4534228

dbotelhosybistech · ‎01-21-2022

Okay creating the port channel and subinterface on Firepower Chassis manager works only when I create an instance that is STANDALONE. When I create a CLUSTERED instance all of those same port-channels and subinterafaces are missing.

Marvin Rhoads · ‎01-22-2022

"Shared interfaces are not supported for bridge group member interfaces (in transparent mode or routed mode), inline sets, passive interfaces, clusters, or failover links."

https://www.cisco.com/c/en/us/td/docs/security/firepower/fxos/2111/web-guide/b_GUI_FXOS_ConfigGuide_2111/interface_management.html#id_20107