Cisco Defense Orchestrator

Add an EtherChannel Interface for Firepower Threat Defense

EtherChannel Interface Limitations 

An EtherChannel, depending on the device model, can include multiple member interfaces of the same media type and capacity and must be set to the same speed and duplex. You cannot mix interface capacities (for example 1GB and 10GB interfaces) by setting the speed to be lower on the larger-capacity interface. The Link Aggregation Control Protocol (LACP) aggregates interfaces by exchanging the Link Aggregation Control Protocol Data Units (LACPDUs) between two network devices.

EtherChannel interfaces have a number of limitations based on physical configuration and software versions. See the sections below for more information. 

General Interface Limitations

  • EtherChannels are only available on devices running FTD version 6.5 and later. 
  • EtherChannels must be routed.
  • CDO supports up to 48 EtherChannel interface configurations on the following physical Firepower devices: 1010, 1120, 1140, 1150, 2110, 2120, 2130, 2140. For interface limitations per device model, see Device-Specific Requirements.
  • All interfaces in the channel group must be the same media type and capacity, and must be set to the same speed and duplex. The media type can be either RJ-45 or SFP; SFPs of different types (copper and fiber) can be mixed. You cannot mix interface capacities (for example 1GB and 10GB interfaces) by setting the speed to be lower on the larger-capacity interface.
  • The device to which you connect the FTD EtherChannel must also support 802.3ad EtherChannels.
  • The FTD does not support LACPDUs that are VLAN-tagged. If you enable native VLAN tagging on the neighboring switch using the Cisco IOS vlan dot1Q tag native command, then the FTD will drop the tagged LACPDUs. Be sure to disable native VLAN tagging on the neighboring switch.
  • All FTD configuration refers to the logical EtherChannel interface instead of the member physical interfaces.
  • Portchannel interfaces are displayed as physical interfaces. 

Device-Specific Limitations

The following devices have specific interface limitations:

1000 Series
  • Firepower 1010 supports up to 8 EtherChannel interfaces.
  • Firepower 1120, 1140, and 1150 support up to 12 EtherChannel interfaces.
  • 1000 series do not support LACP rate fast; LACP always uses the normal rate. This setting is not configurable. 
2100 Series
  • Firepower 2110 and 2120 models support up to 12 EtherChannel interfaces.
  • Firepower 2130 and 2140 models support up to 16 EtherChannel interfaces. 
  • 2100 series do not support LACP rate fast; LACP always uses the normal rate. This setting is not configurable. 
4100 Series and 9300 Series
  • You cannot create or configure EtherChannels on the 4100 and 9300 series. EtherChannels for these devices must be configured in the FXOS chassis.
  • EtherChannels on the 4100 and 9300 series appear in CDO as physical interfaces.

Add an EtherChannel Interface 

Use the following procedure to add an EtherChannel to your FTD:

Note: If you want to immediately create another EtherChannel, check the Create another checkbox and then click Create.

  1. Log in to CDO.
  2. In the navigation pane, click Devices & Services.
  3. Select the FTD you want to add an EtherChannel to. In the Management pane located to the right, select Interfaces.
  4. Click the blue plus button and select EtherChannel.
  5. (Optional) Enter a Logical Name.
  6. (Optional) Enter a description.
  7. Enter the EtherChannel ID.

For Firepower 1010 series, enter a value between 1 and 8.
For the Firepower 2100, 4100, and 9300 series, enter a value between 1 and 48.

  8. Click the drop-down button for Link Aggregation Control Protocol and select one of the two options:
    • Active - Sends and receives LACP updates. An active EtherChannel can establish connectivity with either an active or a passive EtherChannel. You should use the active mode unless you need to minimize the amount of LACP traffic.
    • On - The EtherChannel is always on, and LACP is not used. An on EtherChannel can only establish a connection with another EtherChannel that is also configured to be on.
  9. Search for and select the interfaces you want to include in the EtherChannel as members. You must include at least one interface.

Warning: If you add an EtherChannel interface as a member and it already has an IP address configured, CDO removes the IP address of the member.

  10. Click Create.
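
The limitations and the fields of the procedure above can be checked against a planned change before it is entered in CDO. The following is an added example, not Cisco's code or a CDO API: the plan layout, the field names and the `validate` function are assumptions, and the sample plan is constructed.

```python
# Added example: field names and the plan layout are assumptions, not a CDO or FTD API.
# EtherChannel ID ranges the page gives for the ID field; other models are not range-checked.
ID_RANGES = {"1010": (1, 8), **{m: (1, 48) for m in ("2110", "2120", "2130", "2140")}}
FXOS_ONLY = ("41", "93")  # 4100 and 9300 series model prefixes
# FTD-side LACP option -> neighbor modes it can form a channel with.
LACP_PEERS = {"active": {"active", "passive"}, "on": {"on"}}

def validate(plan):
    """Return a list of problems; an empty list means the plan passes every check."""
    if plan["model"].startswith(FXOS_ONLY):
        return ["4100/9300 series: configure the EtherChannel in the FXOS chassis"]
    problems = []
    if tuple(int(p) for p in plan["ftd_version"].split(".")[:2]) < (6, 5):
        problems.append("FTD version is below 6.5")
    bounds = ID_RANGES.get(plan["model"])
    if bounds and not bounds[0] <= plan["channel_id"] <= bounds[1]:
        problems.append(f"EtherChannel ID outside {bounds[0]}-{bounds[1]}")
    members = plan["members"]
    if not members:
        problems.append("at least one member interface is required")
    # SFP copper and fiber both count as media "SFP", so they may be mixed.
    for field in ("media", "capacity", "speed", "duplex"):
        if len({m[field] for m in members}) > 1:
            problems.append(f"members differ in {field}")
    local, peer = plan["lacp_mode"], plan["peer_lacp_mode"]
    if local not in LACP_PEERS:
        problems.append(f"LACP option must be active or on, got {local}")
    elif peer not in LACP_PEERS[local]:
        problems.append(f"neighbor mode {peer} cannot pair with {local}")
    if plan["peer_native_vlan_tagging"]:
        problems.append("neighbor tags the native VLAN; FTD drops tagged LACPDUs")
    for m in members:
        if m.get("ip"):
            problems.append(f"{m['name']}: CDO will remove its IP address")
    return problems

# Constructed sample plan for a Firepower 1010 (all values are illustrative).
SAMPLE = {
    "model": "1010", "ftd_version": "6.6.1", "channel_id": 9,
    "lacp_mode": "on", "peer_lacp_mode": "active", "peer_native_vlan_tagging": True,
    "members": [
        {"name": "Ethernet1/2", "media": "RJ-45", "capacity": "1G", "speed": "1000", "duplex": "full"},
        {"name": "Ethernet1/3", "media": "RJ-45", "capacity": "1G", "speed": "100", "duplex": "full",
         "ip": "192.0.2.10"},
    ],
}

if __name__ == "__main__":
    print("\n".join(validate(SAMPLE)))
```

Models for which the page states no ID range (1120, 1140, 1150) pass the ID check unexamined; confirm their range in the CDO dialog.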

 
