Firepower switch port loss of communication bug

TimReedSent · ‎08-03-2023

Hi all,

We have a Firepower 1010 that we manage using the built in FDM. Whenever we manually upgrade software on the device or reboot it something happens to the ports that are in Switch Port mode. Access through the RA VPN is still possible but no traffic seems to go down the switch port and to fix the issue we have to connect in on the dedicated management interface, change the port to routed mode, deploy, then back to switch port and configure it. After this, everything is as it should be! Wondering if anyone else has experienced this issue/if there is a workaround for this or is it a known bug?

Thanks in advance

Divya Jain · ‎08-17-2023

Hi ,
Can you confirm your firepower version?

Also does this happen always when you do an upgrade?

Did you try collecting troubleshooting files when the issue occured?

To know the issue we need to check the error during the time of issue.

-----------------------------------------
If you find my reply solved your question or issue, kindly click the 'Accept as Solution' button and vote it as helpful.

You can also learn more about Secure Firewall (formerly known as NGFW) through our live Ask the Experts (ATXs) session. Check out Cisco Network Security ATXs Resources [https://community.cisco.com/t5/security-knowledge-base/cisco-network-security-ask-the-experts-resources/ta-p/4416493] to view the latest schedule for upcoming sessions, as well as the useful references, e.g. online guides, FAQs.
-----------------------------------------

Thanks

Divya Jain

Jerry Naeem · ‎08-18-2023

Hello,

It seems like you're facing an issue with your Firepower 1010 device when manually upgrading software or rebooting it, specifically related to the ports in Switch Port mode. While I don't have real-time access to the latest information or updates, I can provide some general suggestions that might help you troubleshoot the issue:

Check Documentation and Release Notes: Before proceeding with any changes, it's important to consult the official documentation for your Firepower 1010 device. Additionally, review the release notes for any known issues or bugs related to the software version you're using.
Contact Support: If you suspect that this issue might be a bug or a known problem, it's a good idea to reach out to Cisco's technical support. They can provide you with the most up-to-date information and assistance based on your specific situation.
Review Configuration Changes: When you perform the manual software upgrade or reboot, carefully review any configuration changes that might have occurred during the process. This could provide insights into what might be affecting the switch port mode.
Test Different Scenarios: If possible, try to replicate the issue in a controlled environment. This can help you identify whether the problem is consistent and if it is directly related to the upgrade or reboot process.
Consider Workarounds: Since you mentioned that changing the port mode back and forth seems to resolve the issue, you might want to automate this process using scripts or templates. While this doesn't solve the root cause, it could make the recovery process faster and less error-prone.
Keep Software Updated: Ensure that you are using the latest recommended software version for your Firepower 1010. Regularly updating the software can help ensure that you have the latest bug fixes and improvements.
Monitor and Document: Keep a detailed log of the issue, the steps you take to resolve it, and any patterns you observe. This documentation can be valuable when seeking support or troubleshooting in the future.