cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1740
Views
0
Helpful
6
Replies

Can not add device to firewpower management center on KVM

Sumanta Ghosh
Level 1
Level 1

Hi Experts

 

I have the FMC VM running on KVM on Ubuntu. I can reach gateway router on the same VLAN, but can not reach the Firepower 9300 cluster interfaces running FTD image. I should be able to add the in band mgmt interfaces to the FMC GUI. The cluster mgmt ports don't ping from anywhere.

 

Any suggestions?

 

 

Regards,

Sumanta.

1 Accepted Solution

Accepted Solutions

OK - the in-band management port for the cluster should indeed be accessible by ssh.

 

I'd recommend you go ahead and open a TAC case and they can dig in interactively with your and find out what's going wrong.

View solution in original post

6 Replies 6

Marvin Rhoads
Hall of Fame
Hall of Fame

Are you able to reach the cluster management interfaces via ssh?

Hi Marvin

Thanks. I can only see ARP for the 10GE mgmt. interface (different from dedicated mgmt. on supervisor). I can't ping or ssh from directly attached GW router. FWR-2 cluster mgmt IP is 10.100.2.42 and FMC VM is 10.100.2.38. Primary FWR-1 SM module is faulty and is being RMA-ed by Cisco.

RP/0/RSP0/CPU0:LD6-DCGW-SR01#sh arp vrf nfvi_oam | inc 10.100.
Wed Sep 20 12:23:31.573 BST
10.100.2.33 - 0000.5e00.012a Interface ARPA Bundle-Ether13.512
10.100.2.34 - 0896.ad76.ce3b Interface ARPA Bundle-Ether13.512
10.100.2.35 00:21:40 0896.ad76.fb83 Dynamic ARPA Bundle-Ether13.512
10.100.2.38 00:02:54 5254.008b.a9ce Dynamic ARPA Bundle-Ether13.512
10.100.2.42 00:00:18 2c5a.0f91.6e5d Dynamic ARPA Bundle-Ether13.512

RP/0/RSP0/CPU0:LD6-DCGW-SR01#ssh vrf nfvi_oam 10.100.2.42 username admin


Hi Marvin

Are the cluster mgmt. interfaces open to SSH login? SSH and HTTPS works fine with the OOB mgmt. 1GE port on the chassis.

Are you trying to log into the cluster control link address? if so, I don't believe that is supported. That link is for unit-unit use only and is used for data and control traffic among the cluster members

Hi Marvin

Thanks. No. I am trying to ping/SSH to the in band mgmt. interface which is created during cluster deployment from FP chassis. I can only see ARP in the adjacent L3 device, but no communication, either from the FMC VM or any other remote host is possible. Does this mgmt port (no 8 in the supervisor module) allow anything except FMC traffic?
As per doc, this mgmt port has to be different from the dedicated OOB port on the supervisor.

OK - the in-band management port for the cluster should indeed be accessible by ssh.

 

I'd recommend you go ahead and open a TAC case and they can dig in interactively with your and find out what's going wrong.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: