Usage Guidelines - Cisco Firepower 4100 Command Reference Manual

Fully integrated next-generation firewall

S Commands
Usage Guidelines

Within the FTD application, the physical management interface is shared between the Diagnostic logical
interface and the Management logical interface. The Management logical interface is separate from the other
interfaces on the device. It is used to set up and register the device to the Firepower Management Center. It
uses its own local authentication, IP address, and static routing. See the "Management Interfaces" section in
the Firepower Management Center configuration guide System Configuration chapter.
The Diagnostic logical interface can be configured along with the rest of the data interfaces on the FMC
Devices > Device Management > Interfaces screen. Using the Diagnostic interface is optional. The Diagnostic
interface only allows management traffic, and does not allow through traffic.
Container instances can share data-sharing type interfaces. This capability lets you conserve physical interface
usage as well as support flexible networking deployments. When you share an interface, the chassis uses
unique MAC addresses to forward traffic to the correct instance. However, shared interfaces can cause the
forwarding table to grow large due to the need for a full mesh topology within the chassis (every instance
must be able to communicate with every other instance that is sharing the same interface). Therefore, there
are limits to how many interfaces you can share.
In addition to the forwarding table, the chassis maintains a VLAN group table for VLAN subinterface
forwarding. Depending on the number of parent interfaces and other deployment decisions, you can create
up to 500 VLAN subinterfaces.
See the following limits for shared interface allocation:
• Maximum 14 instances per shared interface. For example, you can allocate Ethernet1/1 to Instance1
through Instance14.
• Maximum 10 shared interfaces per instance. For example, you can allocate Ethernet1/1.1 through
Ethernet1/1.10 to Instance1.

Example

The following example adds Port-Channel 1 with 4 member interfaces, sets the type to data, and sets
the EtherChannel to On mode.
firepower# scope eth-uplink
firepower /eth-uplink # scope fabric a
firepower /eth-uplink/fabric # create port-channel 1
firepower /eth-uplink/fabric/port-channel* # create member-port Ethernet1/1
firepower /eth-uplink/fabric/port-channel/member-port* # exit
firepower /eth-uplink/fabric/port-channel* # create member-port Ethernet1/2
firepower /eth-uplink/fabric/port-channel/member-port* # exit
firepower /eth-uplink/fabric/port-channel* # create member-port Ethernet1/3
firepower /eth-uplink/fabric/port-channel/member-port* # exit
firepower /eth-uplink/fabric/port-channel* # create member-port Ethernet1/4
firepower /eth-uplink/fabric/port-channel/member-port* # exit
firepower /eth-uplink/fabric/port-channel* # set port-type data
firepower /eth-uplink/fabric/port-channel* # set port-channel-mode on

The following example adds three subinterfaces and sets the port type to data-sharing.
Firepower# scope eth-uplink
Firepower /eth-uplink # scope fabric a
Firepower /eth-uplink/fabric # enter interface Ethernet1/1
Firepower /eth-uplink/fabric/interface # enter subinterface 10
Firepower /eth-uplink/fabric/interface/subinterface* # set vlan 10
Firepower /eth-uplink/fabric/interface/subinterface* # set port-type data-sharing
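
The shared-interface limits in the usage guidelines can be checked against a planned container-instance allocation before any port type is set on the chassis. The Python check below is an added example, not Cisco code and not part of the original manual; the plan format, the function name audit_allocation and the sample plan are assumptions made for illustration.

```python
from collections import defaultdict

# Limits quoted in the usage guidelines above.
MAX_INSTANCES_PER_SHARED_IF = 14
MAX_SHARED_IFS_PER_INSTANCE = 10
MAX_VLAN_SUBINTERFACES = 500  # upper bound; the real ceiling depends on the deployment


def audit_allocation(plan):
    """Return a sorted list of findings for a planned interface allocation.

    plan: {instance_name: [(interface_name, port_type), ...]} (hypothetical format).
    A name of the form Parent.N, such as Ethernet1/1.10, is a VLAN subinterface.
    """
    users = defaultdict(set)                # (interface, port_type) -> instances using it
    shared_per_instance = defaultdict(set)  # instance -> data-sharing interfaces it holds
    subinterfaces = set()
    for instance, allocations in plan.items():
        for name, port_type in allocations:
            users[(name, port_type)].add(instance)
            if "." in name:
                subinterfaces.add(name)
            if port_type == "data-sharing":
                shared_per_instance[instance].add(name)

    findings = []
    for (name, port_type), instances in users.items():
        count = len(instances)
        if port_type == "data-sharing" and count > MAX_INSTANCES_PER_SHARED_IF:
            findings.append(f"{name}: shared by {count} instances (max {MAX_INSTANCES_PER_SHARED_IF})")
        elif port_type == "data" and count > 1:
            # Only data-sharing interfaces may be shared between instances.
            findings.append(f"{name}: type data allocated to {count} instances")
    for instance, names in shared_per_instance.items():
        if len(names) > MAX_SHARED_IFS_PER_INSTANCE:
            findings.append(f"{instance}: {len(names)} shared interfaces (max {MAX_SHARED_IFS_PER_INSTANCE})")
    if len(subinterfaces) > MAX_VLAN_SUBINTERFACES:
        findings.append(f"chassis: {len(subinterfaces)} VLAN subinterfaces (max {MAX_VLAN_SUBINTERFACES})")
    return sorted(findings)


# Constructed sample plan: Ethernet1/1 is shared by 15 instances, Instance1 also
# holds 11 shared subinterfaces of Ethernet1/2, and Ethernet1/3 (type data)
# is allocated to two instances.
SAMPLE_PLAN = {f"Instance{i}": [("Ethernet1/1", "data-sharing")] for i in range(1, 16)}
SAMPLE_PLAN["Instance1"] += [(f"Ethernet1/2.{v}", "data-sharing") for v in range(1, 12)]
SAMPLE_PLAN["Instance2"].append(("Ethernet1/3", "data"))
SAMPLE_PLAN["Instance3"].append(("Ethernet1/3", "data"))
```

Calling audit_allocation(SAMPLE_PLAN) returns one finding per exceeded limit; an empty list means the plan stays within the documented limits.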
Cisco Firepower 4100/9300 FXOS Command Reference
set port-type

This manual is also suitable for:

Firepower 9300
