
How to configure firepower 1120 redundant interfaces

jhudspeth
Level 1

Good Morning all,

I am working on a new network deployment and at the top is a Cisco Firepower 1120. I am going down to two datacore switches from the Firepower and would like each datacore switch to have its own uplink from the Firepower. Each inside interface will also have a number of sub-interfaces attached to it due to the need for additional subnets/VLANs.

I am not seeing an option that will allow this to happen such as a vlan tagging per port or anything like that and could use some help!

For context, I am managing this 1120 through FMC.

Any help would be awesome!

9 Replies

balaji.bandi
Hall of Fame

Can you please draw a diagram of how these are connected, so I can understand?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

jhudspeth
Level 1

@Rob Ingram Hey Rob,

Thanks for the response. I have created the sub-interfaces, that isn't a problem; it's creating a second "inside" link to my second datacore switch that I'm having trouble with.

@balaji.bandi Please see the crude drawing below:


@jhudspeth Do these connections to the DC switches need to be a port-channel? If so, create the port-channel, then create sub-interfaces on the port-channel and add them to the required zones.

 

Cheers for the diagram. Are these 2 DCs connected and Layer 2 extended?

Hope you are looking at HA? Do you have another FP1120?

 

BB


jhudspeth
Level 1

@Rob Ingram Not necessarily, no, they do not need to be a port channel.

@balaji.bandi Currently it is just the single Firepower, no HA pair here.

OK, you can do the subinterface on the Firepower as Rob suggested; on the switch side you can make it a trunk to allow that VLAN.

Or am I missing something here?

BB


jhudspeth
Level 1

@balaji.bandi The issue is getting an individual uplink from the firewall to BOTH datacore switches while keeping them on the same subnet. I don't see, like, a redundant interface option in FMC.

Did you ever figure out a design for the redundant connections? I'm also struggling with a single 1020 and configuring redundant connections.
