Solved: Re: FTD subinterface not getting any signal

sam cook · ‎09-12-2019

Hi,

One of my FTD 2110 (6.4.4) interfaces is interface DMZ in VLAN 333.

I created subinterface 1/4.333 and configure IP (MTU 1500) , vlanid 333 subinterfaceid 333 and enabled it)

I also enabled physical interface 1/4 with no IP (gave it a name and mtu 1500 )

The interface is shown as up but could not receive any packet and could not ping any other interface in the same vlan.

When I plug my laptop in the same switch port I can ping all adresses with no problem

It looks like a layer 2 issue to me... this problem is happening on both FTD of my cluster so i think it is not a hardware probleme but more to be configuration problem.

Any help please ?

attached pic of subinteraface status

sam cook · ‎09-13-2019

Thank you @adaws and @Marvin Rhoads .

I found the issue. I needed simply to authorize ICMP request and ICMP reply on this interface. 🙂

View solution in original post

Marvin Rhoads · ‎09-12-2019

The physical interface (parent of the subinterface) should not have a name.

Start by remedying that issue and see if it helps.

adaws · ‎09-13-2019

Certainly works like this on 6.4 just looked at one, as said the Physical interface does not have a name so maybe that

One thing that has caused problems is if a Security Zone is applied to the Physical with named security zones on sub-interfaces applying some types of NAT (Think such as matching port) would cause an outage while applying then roll-back. Known bug deep in the forest of cisco

sam cook · ‎09-13-2019

Thank you @adaws and @Marvin Rhoads .

I found the issue. I needed simply to authorize ICMP request and ICMP reply on this interface. 🙂