Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
751
Views
5
Helpful
2
Replies

VLAN sub-interface Unassignable during FTD Container Creation

Go to solution
dbotelhosybistech
Level 1
Level 1

‎01-19-2022 06:28 AM

According to this document regarding Clustering: Deploying a Cluster for Firepower Threat Defense on the Firepower 4100/9300 - Cisco

When you deploy a cluster on the Firepower 4100/ 9300 chassis, it does the following: . For native instance clustering: Creates a cluster-control link (by default, port-channel 48) for unit-to-unit communication. For multi-instance clustering: You should pre-configure subinterfaces on one or more cluster-type EtherChannels; each instance needs its own cluster control link.

FXOS: Configure Interfaces. Configure one management and all data interfaces that you intend to assign to the FTD. The cluster interface is defined by default as Port-Channel 48, but for inter-chassis clustering, you need to add member interfaces. For multi-instance clustering, you can add VLAN sub-interfaces to the cluster EtherChannel as well.

Inter-Chassis Clustering
Firepower 4115 Appliance        FXOS 2.9
FMC 1600                                     FMC 7.0
 
Problem:  When creating FXOS Firepower container Instance, the created instance does not show the PortChannel or the created VLAN sub-interfaces to assign to the created instance. 
 
How do I assign vlan sub-interfaces?
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎01-19-2022 06:50 AM

You create the portchannel in Firepower Chassis Manager (or fxos cli) and then assign it to the logical device(s) - whether or not they are in containers or standalone.

Once you have that done you create subinterfaces for the assigned portchannels on FMC under device management interface configuration, add interface.

By the way... if you run 7.0+ on your FTD devices you need to have fxos 2.10+.

https://www.cisco.com/c/en/us/td/docs/security/firepower/compatibility/firepower-compatibility.html#reference_6DF211D8F60F423387D0316000333539

View solution in original post

2 Replies 2

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎01-19-2022 06:50 AM

You create the portchannel in Firepower Chassis Manager (or fxos cli) and then assign it to the logical device(s) - whether or not they are in containers or standalone.

Once you have that done you create subinterfaces for the assigned portchannels on FMC under device management interface configuration, add interface.

By the way... if you run 7.0+ on your FTD devices you need to have fxos 2.10+.

https://www.cisco.com/c/en/us/td/docs/security/firepower/compatibility/firepower-compatibility.html#reference_6DF211D8F60F423387D0316000333539

Go to solution
dbotelhosybistech
Level 1
Level 1
In response to Marvin Rhoads

‎01-19-2022 07:05 AM

Thanks so much for the quick and complete answer.  I appreciate it.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card