MAC not showing up in address table on Firepower 1010

kwalls
Level 1

Hello,

I'm new to the community here and I've tried searching but have not found much that specifically answers what I'm going for. I have a Firepower 1010 unit--a few actually--that we run our alarm panels through. These are DMP XR-550s and XR-150s mostly. However, recently we've gotten a few that we just aren't seeing any connection events from. Ports show light activity, objects are correct and in the right groups, and the security companies have even replaced their panels and the cables. They can't get out when they test either, but again, not even blocked traffic showing up, let alone any. When I CLI into the firewalls, I don't even see MAC addresses for these panels, which is why I made that the title. Does anyone have any idea what this could be? Multiple ports have been tested (found good), health policies and firewall policies are correct. I would figure I'd at least see a MAC address off the device, as we can see the MACs of anything else connected.

 

Any help would be appreciated!

5 Replies

How are the FTD 1010 connected to the network? Directly to the FTD or connected to a switch that then connects to the FTD?

If they are connecting to a switch, do you see the MAC address associated to the port that these devices are connected to?

How are you checking for the MAC address? Which command?

Do the devices have static or dynamic IP? If dynamic, have you verified that they are receiving an IP from the DHCP server?

You could run system support firewall-engine-debug from the FTD CLI, put in the server and client IP (leave everything else blank) and then run a test.

--
Please remember to select a correct answer and rate helpful posts

The FTD 1010 connects to a switch which runs back to our core to our FMC management system. 

I do see the firewall MAC on the switch from the inside port and management ports. 

I'm using "show mac-address-table" and "show ARP."

They have static that are programmed in on the alarm panel's side, not ours. But I do have the object in FMC labeled correctly with the matching IP address to make sure it's handed out to the alarm panel.

I'll try that test in the meantime! Thanks for your assistance!

 

I was not talking about the firewall MAC but the DMP XR devices.  Do you see their MAC addresses in the switch's CAM table?

I am not familiar with the devices you are using, but I have seen several times that cameras, printers, etc., that have static IPs and are moved to a different port stop working because the switch does not learn the MAC on the new port since the device does not send any initial traffic for the switch to learn the MAC. If the device is using DHCP then the DHCP request will be the traffic that allows the switch to learn the MAC address, but often these devices do not send traffic if not requested.

--
Please remember to select a correct answer and rate helpful posts

Thank you for the reply Marius. 

I wasn't aware of that but it makes sense. And yes, I meant the DMP XR devices. They are set to static so now you have me wondering. What would be the best way to resolve this? Set the device to DHCP and then change it back to static? Or I guess I could create a DHCP reservation for the MAC of the device and just let it set the IP from our side, I don't think it would really change much with how simple our setups are. 

You have a couple options here. I think creating a DHCP reservation in the DHCP server is the better option. Depending on the type of switch and its capabilities you can configure the switch port with the MAC address of the DMP XR device connected to it. That way the switch will always know the MAC address. The downside to this is if the device is moved to a different port it will stop working again, or have varying results. And if you do not remember you set the MAC on the switch port it can be difficult to figure it out. Also, if a new device is connected to that switch port it will not work until the MAC address is removed from the switch port configuration.

--
Please remember to select a correct answer and rate helpful posts
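
The MAC-learning behaviour discussed in the replies above, as an added example that is not part of the original thread: a simplified Python model of a switch MAC table showing why a silent static-IP device has no entry, how a DHCP request creates one, and how a static entry keeps pointing at the old port after the device is moved. The class name, the 300-second aging time, the port numbers and the MAC addresses (documentation range) are assumptions for illustration, not the behaviour of any specific switch or of the Firepower 1010.

```python
class LearningSwitch:
    """Simplified layer-2 MAC table model (hypothetical, not vendor code)."""

    def __init__(self, aging=300):
        self.aging = aging   # seconds before a dynamic entry expires (assumed)
        self.table = {}      # mac -> (port, last_seen); last_seen None = static

    def add_static(self, mac, port):
        """Administrator pins a MAC to a port; the entry never ages out."""
        self.table[mac] = (port, None)

    def receive(self, src_mac, in_port, now):
        """Learn the source MAC of an ingress frame; static entries win."""
        entry = self.table.get(src_mac)
        if entry and entry[1] is None:
            return           # static entry is not overwritten by learning
        self.table[src_mac] = (in_port, now)

    def lookup(self, dst_mac, now):
        """Return the known port for a MAC, or None if it is not in the table."""
        entry = self.table.get(dst_mac)
        if entry is None:
            return None
        port, seen = entry
        if seen is not None and now - seen > self.aging:
            del self.table[dst_mac]   # dynamic entry aged out
            return None
        return port


def demo():
    sw = LearningSwitch(aging=300)
    panel_static = "00:00:5e:00:53:01"   # constructed MAC, static-IP panel
    panel_dhcp = "00:00:5e:00:53:02"     # constructed MAC, DHCP panel
    r = {}
    # Static-IP panel is cabled to port 3 but has sent no frame yet.
    r["silent"] = sw.lookup(panel_static, now=0)
    # DHCP panel broadcasts a DISCOVER on port 4, so the switch learns it.
    sw.receive(panel_dhcp, 4, now=0)
    r["dhcp"] = sw.lookup(panel_dhcp, now=1)
    # The same panel then stays quiet longer than the aging time.
    r["aged"] = sw.lookup(panel_dhcp, now=400)
    # Static entry for the silent panel on port 3: always present.
    sw.add_static(panel_static, 3)
    r["pinned"] = sw.lookup(panel_static, now=10_000)
    # Panel is moved to port 7 and transmits; the table still says port 3.
    sw.receive(panel_static, 7, now=10_001)
    r["moved"] = sw.lookup(panel_static, now=10_002)
    return r
```
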