Cisco Cisco Firepower Management Center 4000
9-4
FireSIGHT System User Guide
Chapter 9 Setting Up Virtual Routers
Configuring Routed Interfaces
The IP address is added.
To edit an IP address, click the edit icon (
). To delete an IP address, click the delete icon (
).
Note
When adding an IP address to a routed interface of a clustered device, you must add a
corresponding IP address to the routed interface on the cluster peer.
corresponding IP address to the routed interface on the cluster peer.
Step 18
To add a static ARP entry, click
Add
.
The Add Static ARP Entry pop-up window appears.
Step 19
In the
IP Address
field, type an IP address for the static ARP entry.
Step 20
In the
MAC Address
field, type a MAC address to associate with the IP address. Enter the address using
the standard format of six groups of two hexadecimal digits separated by colons (for example,
01:23:45:67:89:AB
).
Step 21
Click
OK
.
The static ARP entry is added.
Tip
To edit a static ARP entry, click the edit icon (
). To delete a static ARP entry, click the delete icon
(
).
Step 22
Click
Save
.
The physical routed interface is configured. Note that your changes do not take effect until you apply the
device configuration; see
device configuration; see
.
Adding Logical Routed Interfaces
License:
Control
Supported Devices:
Series 3
For each physical routed interface, you can add multiple logical routed interfaces. You must associate
each logical interface with a VLAN tag to handle traffic received by the physical interface with that
specific tag. You must assign a logical routed interface to a virtual router to route traffic.
each logical interface with a VLAN tag to handle traffic received by the physical interface with that
specific tag. You must assign a logical routed interface to a virtual router to route traffic.
Note that disabling the
ICMP Enable Responses
option for routed interfaces does not prevent ICMP
responses in all scenarios. You can add rules to an access control policy to drop packets where the
destination IP is the routed interface’s IP and the protocol is ICMP. For more information about creating
access control rules, see
destination IP is the routed interface’s IP and the protocol is ICMP. For more information about creating
access control rules, see
. If you have
enabled the
Inspect Local Router Traffic
option on the managed device, it drops the packets before they
reach the host, thereby preventing any response. For more information about inspecting local router
traffic, see
traffic, see
.
Caution
Changing the maximum transmission unit (MTU) interrupts traffic on the device and packets are
dropped. The range within which you can set the MTU can vary depending on the FireSIGHT System
device model and interface type. See
dropped. The range within which you can set the MTU can vary depending on the FireSIGHT System
device model and interface type. See
for more
information.
To edit an existing routed interface, click the edit icon (
) next to the interface.