Subinterface IP not arp-ing to core switch

BobGreer65666 · ‎12-02-2020

Hi there,

Thanks for reading.

I have a subinterface (SI) on a physical interface (PI) on an FTD 1150 which is directly cabled to my core switch C4500. The core isn't receiving arps for the SI IP address.

FTD:

PI: Routed interface; no IP, enabled.

SI: Routed, /24 IP address, enabled

C4500:

PI: Trunked port, matching dot1.q vlan allowed, enabled

Route to SI IP address added to FTD

For sure, I missed something simple.

Thanks again for reading!

balaji.bandi · ‎12-02-2020

here is example how you can do on FTD.

https://www.cisco.com/c/en/us/support/docs/security/firepower-ngfw/200908-configuring-firepower-threat-defense-int.html

can you post on switch side config to undertand.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

BobGreer65666 · ‎12-02-2020

Hi BB,

Thanks for writing!

Here's the switch-side interface:

interface TenGigabitEthernet1/1/5
description FIREWALL_DMZ
switchport trunk allowed vlan 112,113,115,116
switchport mode trunk
end

balaji.bandi · ‎12-02-2020

Do you have an FTD side sub-interface inline with this VLAN? 112,113,115,116

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

BobGreer65666 · ‎12-02-2020

Hi BB, yes I have all 4 vlans configured FTD-side. Looking at the jpeg, I realized that i'd misconfigured 1/7.115. I reconfigured it but still no arp. Same with the other 3 VSIs.

balaji.bandi · ‎12-02-2020

Not sure the image very clear. here is FTD with Trunk config if you using FDM

https://www.cisco.com/c/en/us/td/docs/security/firepower/650/fdm/fptd-fdm-config-guide-650/fptd-fdm-interfaces.html#task_hrv_nyn_b3b

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help