Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
574
Views
5
Helpful
4
Replies

LACP on FPR 2140 using SFP+ NM Interfaces (FTD)

carlo.taddei1
Level 1
Level 1

‎12-13-2022 09:30 PM

Hello,

I'm trying to configure on a FPR-2140 appliance (FTD vers. 7.2.2) from FMCv (also running 7.2.2) equipped with a 4x SFP+ 10G NM etherchannels ports (LACP mode active) using using up to 4x 10G Interfaces.

This however do not seem to be working.

Generally speaking I can see a link up status (L1) (no ethernet activity from the FPR-2140 10 Gbit port itself though) as long as the port is not bundled - however as soon as I put the same interface into an Etherchannel Bond then is L1 connectivity completely gone.

Moreover, also simply configuring an IP address on the 10Gbit SFP+ Interface and using the Interface in Routed mode do not also seem to be working / possible. 

I've read on the FPR 2100 documentation series that those 4x 10Gbit SFP+ Interfaces are meant to be used (mainly) for the Hardware Bypass solution; nevertheless I've also come across posts on this community where the 4x 10Gbit SFP+ interfaces could be configured using the ASA image - i.e.:

https://community.cisco.com/t5/network-security/it-is-necessary-license-for-use-sfp-10gb-in-ports-on-fpr4k/td-p/4391319

Am I hitting an FTD / FMC Limitation here ?  

Do I need an extra License / different Firmware / FTD Image in order to be able to fully use those 10 Gbit SFP+ Ports ?
Is there a special configuration Procedure that I need to follow ?

Thank you for your help.

Best Regards

0 Helpful
4 Replies 4

carlo.taddei1
Level 1
Level 1

‎12-14-2022 12:10 AM

Hi - actually managed to solve the issue by myself - here the fix for future reference:
the 10G / SFP+ interfaces must be first enabled at fx-os level under the fabric scope; once enabled, it is possible to build / rollout LACP etherchannels from within FMC

Not 100% sure if this is a bug / limitation of the current FTD SW version or if it is so expected to work; nevertheless it would be definitely helpful to have it mentioned in the cisco configuration guides ...

ida71
Level 1
Level 1
In response to carlo.taddei1

‎12-15-2023 01:09 AM - edited ‎12-15-2023 01:10 AM

Hi Carlo,  I have a similar issue, my switch reports no LACP on remote end when shut/no shut issued on the etherchannel connected ports, but FMC says FTD setup is correct. Do you have a more specific info on the FXOS config ?  I have HA Pair of 2140's running v7.2.5 & the Primary 1st interface in port-channel is up, but second interface down/down on switch, same for both on Standby unit !  Been waiting days for TAC to come up with something useful

Thanks

Chris

 

0 Helpful

MHM Cisco World
VIP
VIP
In response to ida71

‎12-15-2023 01:15 AM

Make new post

MHM

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame

‎12-14-2022 12:22 AM

technically as per i know it support upto 16ports, what switch other side connected ? is the LACP come up or down all time ?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card