Cisco Cisco Firepower Management Center 4000
9-3
FireSIGHT System User Guide
Chapter 9 Setting Up Virtual Routers
Configuring Routed Interfaces
The Edit Interface pop-up window appears.
Step 4
Click
Routed
to display the routed interface options.
Step 5
Optionally, from the
Security Zone
drop-down list, select an existing security zone or select
New
to add a
new security zone.
Step 6
Optionally, from the
Virtual Router
drop-down list, select an existing virtual router or select
New
to add a
new virtual router.
Note that if you add a new virtual router, you must configure it on the Virtual Routers tab of the Device
Management page (
Management page (
Devices > Device Management > Virtual Routers
) after you set up the routed interface. See
Step 7
Select the
Enabled
check box to allow the routed interface to handle traffic.
If you clear the check box, the interface becomes disabled so that users cannot access it for security
purposes.
purposes.
Step 8
From the
Mode
drop-down list, select an option to designate the link mode or select
Autonegotiation
to
specify that the interface is configured to auto negotiate speed and duplex settings. Note that mode
settings are available only for copper interfaces.
settings are available only for copper interfaces.
Note
Interfaces on 8000 Series appliances do not support half-duplex options.
Step 9
From the
MDI/MDIX
drop-down list, select an option to designate whether the interface is configured for
MDI (medium dependent interface), MDIX (medium dependent interface crossover), or Auto-MDIX.
Note that MDI/MDIX settings are available only for copper interfaces.
Note that MDI/MDIX settings are available only for copper interfaces.
Normally, MDI/MDIX is set to Auto-MDIX, which automatically handles switching between MDI and
MDIX to attain link.
MDIX to attain link.
Step 10
In the
MTU
field, type a maximum transmission unit (MTU), which designates the largest size packet
allowed. Note that the MTU is the Layer 2 MTU/MRU and not the Layer 3 MTU.
The range within which you can set the MTU can vary depending on the FireSIGHT System device
model and interface type. See
model and interface type. See
for more information.
Step 11
Next to
ICMP
, select the
Enable Responses
check box to allow the interface to respond to ICMP traffic such
as pings and traceroute.
Step 12
Next to
IPv6 NDP
, select the
Enable Router Advertisement
check box to enable the interface to broadcast
router advertisements.
Step 13
To add an IP address, click
Add
.
The Add IP Address pop-up window appears.
Step 14
In the
Address
field, type the routed interface’s IP address and subnet mask using CIDR notation. Note
the following:
•
You cannot add network and broadcast addresses, or the static MAC addresses 00:00:00:00:00:00
and FF:FF:FF:FF:FF:FF.
and FF:FF:FF:FF:FF:FF.
•
You cannot add identical IP addresses, regardless of subnet mask, to interfaces in virtual routers.
Step 15
Optionally, if your organization uses IPv6 addresses, next to the
IPv6
field, select the
Address
Autoconfiguration
check box to set the IP address of the interface automatically.
Step 16
For
Type
, select either Normal or SFRP.
For SFRP options, see
for more information.
Step 17
Click
OK
.