Re: Bonding or Team Interface on Firepower 1010 w/VLANs?

1timcisco · ‎07-22-2021

Is there a way to team or bond the 1/7 & 1/8 port on the firepower 1010 device. I am using the FMC to manage the device.

The configuration im trying to achieve is that I have 2 POE cisco business access points and I have 2 POE ports to power themSwitching. The power from the ports is fine but I want them to be on the same network so I can manage the Access Points from the same UI instead of creating a seperate network for both AP's.

The device is in Routed Mode & the 2 POE interfaces im trying to bond have vlans also.

pieterh · ‎07-23-2021

no need to "bond or team" ports,

the device has "L2 switch support."-> you connect the AP's just as you would on any switch

Cable the Device (6.5 and Later)

To cable the recommended scenario on the Firepower 1010, see the following illustration, which shows a sample topology using Ethernet1/1 as the outside interface and the remaining interfaces as switch ports on the inside network

By default, Ethernet1/1 is a regular firewall interface that you can use for outside, and the remaining interfaces are switch ports on VLAN 1; after you add the VLAN1 interface, you can make it your inside interface. You can alternatively assign switch ports to other VLANs, or convert switch ports to firewall interfaces.

1timcisco · ‎07-23-2021

I should have mentioned that the Firepower 1010 is in routed mode. I have different networks on each interface for segmentation. The 2 POE ports that I am trying to bond together also have VLANs on them.

pieterh · ‎07-25-2021

doesn't matter the device is in routed mode, it's the port config that matters,
if those still are switchports then you can configure the same vlan on both ports.

Step 3

(Optional) Disable switch port mode for any of the switch ports (Ethernet1/2 through 1/8) by clicking the slider in the SwitchPort column so it shows as disabled

for your purpase I suggest to set this to enabled

if you keep it on disabled, you will not be able to use the same vlan/subnet on multiple ports
when you remain with the current setup using for both access points on different subnet,

you still can use the same management interface for both access points.
but then you need to "prime" one of the access points with the ip-address of the "controller" on the other AP using either static configuration, DHCP-opt43 or DNS-record

1timcisco · ‎07-27-2021

pieterh, Im trying to replicate interface 1/8+sub interfaces to 1/7 where I am trying to add a new access point but the new access point wont pickup, it just keeps acting like a new access point and want me to set it up that way.

pieterh · ‎07-27-2021

as already explained you cannot accomplish your goal with ET1/8 being a routed interface,

-> read the procedure in the manual again

Step 3

(Optional) Disable switch port mode for any of the switch ports

optional means you can skip this step and let the port remain a switchport
after that you should still be able to add and configure the vlan interfaces (for both physical ports now)