Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1890
Views
0
Helpful
5
Replies

Unable to remove the management interface from the logical device on the Cisco Firepower Chassis Manager

domevam
Level 1
Level 1

‎04-19-2021 02:47 AM

Hi all

I tried to remove interface management from logical device because I'm not use anymore, but it's not possible. If you try to change type for interface from fxos (/ssa/slot/app-instance* # clear-mgmt-bootstrap), it failed : Error: Update failed: [The interface type cannot be changed while the interface is in use. Remove the interface from the Logical Device before you attempt to change the type.]

I had to delete the logical device, change the interface type and re-create the logical device from scratch.

Anyone have suggest for it?

thanks

Domenico

0 Helpful
5 Replies 5

Marius Gunnerud
VIP
VIP

‎04-19-2021 02:57 AM

I assume you have done this, but just to check, have you removed all configuration that references the mgmt interface?  If you have, then I assume the issue is because the management interface is not only used for management interface but also for diagnostic interface.

--
Please remember to select a correct answer and rate helpful posts
0 Helpful

domevam
Level 1
Level 1
In response to Marius Gunnerud

‎04-19-2021 09:01 AM

Interface was configured only as management and not for diagnostic usage. Once it is configured as management, it is impossible to change its type and disassociate it from the logical device.

 

0 Helpful

Marius Gunnerud
VIP
VIP
In response to domevam

‎04-19-2021 10:14 AM

The management 0/0 interface has two separate interfaces associated with it.  So since the diagnostic interface is also associated with the interface it is logical that you will not be able to delete the management interface without having to rebuild it. 

Here is a solution from Cisco documentation that you might try next time.

from https://www.cisco.com/c/en/us/td/docs/security/firepower/640/fdm/fptd-fdm-config-guide-640/fptd-fdm-interfaces.html#concept_EB3DE1BBDB9547EC8866365C7BC11792

 

(Hardware devices.) One way to configure Management/Diagnostic is to not wire the physical port to a network. Instead, configure the Management IP address only, and configure it to use the data interfaces as the gateway for obtaining updates from the internet. Then, open the inside interfaces to HTTPS/SSH traffic (by default, HTTPS is enabled) and open Firepower Device Manager using the inside IP address (see Configuring the Management Access List).

--
Please remember to select a correct answer and rate helpful posts
0 Helpful

domevam
Level 1
Level 1
In response to Marius Gunnerud

‎04-21-2021 01:35 AM

Hi,

my depolyment not involve FTD but ASA in platform mode. So there is no way to disassociate management interface from logical device, that's all or you have a solution for that, without remove all logical device??

thamks for support.

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to domevam

‎04-21-2021 10:42 AM

As far as I know, when you are operating an ASA in platform mode on a Firepower appliance it is required to allocate a physical management interface to it.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card