08-24-2022 08:23 AM
Good Morning all,
I am working on a new network deployment and at the top is a Cisco Firepower 1120. I am going down to two datacore switches from the Firepower and would like each datacore switch to have its own uplink from the Firepower. Each inside interface will also have a number of sub-interfaces attached to it due to the need for additional subnets/VLANs.
I am not seeing an option that will allow this to happen, such as VLAN tagging per port or anything like that, and could use some help!
For context, I am managing this 1120 through FMC.
Any help would be awesome!
08-24-2022 08:49 AM
Can you please draw a diagram of how these are connected, so I can understand?
08-24-2022 08:51 AM - edited 08-24-2022 08:52 AM
@jhudspeth here is the guide to create sub-interfaces using FMC
08-24-2022 09:00 AM
@Rob Ingram Hey Rob,
Thanks for the response. I have created the sub-interfaces, that isn't a problem; it's creating a second "inside" link to my second datacore switch that I'm having trouble with.
@balaji.bandi Please see the crude drawing below:
08-24-2022 09:15 AM
@jhudspeth do these connections to the DC switches need to be a port-channel? If so, create the port-channel, then create sub-interfaces on the port-channel and add them to the required zones.
08-24-2022 09:21 AM
Cheers for the diagram. Are these 2 DC connected and Layer 2 extended?
Hope you are looking at HA? Do you have another FP1120?
08-24-2022 11:28 AM
@Rob Ingram Not necessarily, no, they do not need to be a port channel.
@balaji.bandi Currently it is just the single Firepower, no HA pair here.
08-24-2022 11:45 AM
OK, you can do the subinterface on Firepower as Rob suggested; on the switch side you can make it a trunk to allow that VLAN.
Or am I missing something here?
08-24-2022 11:54 AM
@balaji.bandi The issue is getting an individual uplink from the firewall to BOTH datacore switches while keeping them on the same subnet. I don't see like a redundant interface option in FMC.
11-02-2023 05:19 AM
Did you ever figure out a design for the redundant connections? I'm also struggling with a single 1020 and configuring redundant connections.