Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
344
Views
0
Helpful
2
Replies

Why Can ASA Use Port-Channel with BVI, but FTD in Routed Mode Can't?

sushmanthreddymereddy
Level 1
Level 1

‎02-04-2025 08:02 PM

Hey everyone,

I’ve been working with both ASA and FTD, and I noticed a key difference in how they handle port-channel interfaces in routed mode. On ASA, I can create a port-channel and assign it to a BVI without any issues. But when I try the same in FTD (managed via FMC), it doesn’t seem possible.

I’m trying to understand why this limitation exists in FTD:

  • What’s the reason ASA allows port-channels to be part of a BVI, but FTD in routed mode doesn’t?
  • Is this an architectural limitation, or is there a workaround to achieve something similar in FTD?
  • If BVIs aren’t supported in routed mode, what’s the recommended way to set up an aggregated interface with a single IP in FTD?

Would really appreciate any insights or documentation references explaining this difference. Thanks!

0 Helpful
2 Replies 2

sushmanthreddymereddy
Level 1
Level 1

‎02-04-2025 08:16 PM

I can create a port channel and can add in bvi in asa in routed mode but not in ftd managed by fmc

0 Helpful

Sheraz.Salim
VIP Alumni
VIP Alumni

‎02-05-2025 01:01 AM

these very good question you have raised.

please see my responce

  - What’s the reason ASA allows port-channels to be part of a BVI, but FTD in routed mode doesn’t?

SherazSalim_0-1738744549189.png

FTD in routed mode doesn't allow port-channels in BVIs because BVIs only accept physical interfaces as members, and a port-channel is a logical, not physical, interface. Here 

-Is this an architectural limitation, or is there a workaround to achieve something similar in FTD?

I think FTD to allow port-channels to be part of a Bridge Virtual Interface (BVI) in routed mode is primarily an architectural limitation.In transparent mode, BVIs can include port-channel interfaces, as the firewall operates at Layer 2. However, this is not possible in routed mode due to the design focus on Layer 3. workaround could be used as assign an IP address directly to the port-channel interface for routing without involving BVIs. This approach aligns with FTD’s routed mode capabilities while still utilizing link aggregation.

 -If BVIs aren’t supported in routed mode, what’s the recommended way to set up an aggregated interface with a single IP in FTD?

If BVIs (Bridge Virtual Interfaces) aren’t supported in routed mode onFTD , the best way would to set up an interface with a single IP address is to use Link Aggregation Groups (LAGs) or EtherChannel.

please do not forget to rate.
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card