Cisco Firepower Management Center 2000 Installation Guide

Cisco NGIPS for Blue Coat X-Series Installation and Configuration Guide
 
Chapter 3      Installing Cisco NGIPS for Blue Coat X-Series 
  Using Optional Settings
CBS(intf-gig-logical)# circuit mgmt
CBS(intf-gig-log-cct)# end
Step 4  Repeat steps 1 through 3 for the other circuits you need to associate with physical ports.
Using Optional Settings
In certain cases, you may need to use optional settings to correctly support your installation:
  • If your management circuit is on a different subnet from your Defense Center, create an IP route, as described in
  • If you intend to monitor IPv6 traffic, add support for it as described in .
  • If you intend to monitor jumbo frame traffic, add support for it as described in .
Configuring IP Routes
If your management circuit is on a different subnet from your Defense Center, you must create an IP 
route so management traffic can cross subnets.
Step 1  To create an IP route, use the following commands:
CBS# configure
CBS(config)# ip
CBS(config-ip)# route vap-group vap_group_name 0.0.0.0/0 gateway_address domain_ID
where vap_group_name is the name of the VAP group you want to configure and gateway_address is the default gateway address for the subnet on which the management circuit resides, and domain_ID is the domain ID.
Note  If you configured your management circuit to use an alternate domain ID, then, when creating an IP route for that management circuit, the domain ID (domain 2 in our example) is a necessary part of the command.
For example, the VAP group you set up earlier is on the 10.1.16.0/24 subnet. If your Defense Center is on a different subnet (such as 10.1.17.0/24), you could use the following commands to set up an IP route for the VAP group named ABC:
CBS# configure
CBS(config)# ip
CBS(config-ip)# route vap-group ABC 0.0.0.0/0 10.1.16.1 domain 2
CBS(config-ip-route)# exit
CBS(config-ip-route)# end
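A pre-change check for the route described above, as an added example that is not part of the Cisco guide: it decides from the management subnet and the Defense Center address whether a route is needed, rejects a gateway that is not a host on the management subnet, and returns the command lines in the syntax shown above. The function name plan_mgmt_route, its parameters, and the Defense Center address 10.1.17.20 are assumptions made for illustration.

```python
import ipaddress


def plan_mgmt_route(vap_group, mgmt_subnet, gateway, defense_center, domain_id=None):
    """Return the CBS command lines for the management default route.

    Returns [] when the Defense Center is on the management subnet (no route
    needed). Raises ValueError when the gateway cannot serve that subnet.
    """
    net = ipaddress.IPv4Network(mgmt_subnet, strict=True)
    gw = ipaddress.IPv4Address(gateway)
    dc = ipaddress.IPv4Address(defense_center)

    # Same subnet: management traffic reaches the Defense Center directly.
    if dc in net:
        return []

    # The next hop must be a usable host address on the management subnet,
    # otherwise management traffic is sent to an unreachable gateway.
    if gw not in net:
        raise ValueError(f"gateway {gw} is not on management subnet {net}")
    if net.prefixlen < 31 and gw in (net.network_address, net.broadcast_address):
        raise ValueError(f"gateway {gw} is not a host address in {net}")

    route = f"route vap-group {vap_group} 0.0.0.0/0 {gw}"
    # The guide's note: an alternate domain ID must be part of the command.
    if domain_id is not None:
        route += f" domain {domain_id}"
    return ["configure", "ip", route, "exit", "end"]


if __name__ == "__main__":
    # Values from the guide's example; 10.1.17.20 is a constructed address.
    for line in plan_mgmt_route("ABC", "10.1.16.0/24", "10.1.16.1",
                                "10.1.17.20", domain_id=2):
        print(line)
```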
Configuring IPv6 Detection
If your network traffic is predominantly IPv4 with some IPv6, you should use the following 
configuration to detect the IPv6 traffic. This configuration also detects most IPv6 routing protocols 
and IPv4 to IPv6 transition and tunneling mechanisms.