Cisco Cisco Firepower Management Center 4000
9-7
FireSIGHT System User Guide
Chapter 9 Setting Up Virtual Routers
Configuring Routed Interfaces
The interface is deleted. Note that your changes do not take effect until you apply the device
configuration; see
configuration; see
Configuring SFRP
License:
Control
Supported Devices:
Series 3
You can configure Cisco Redundancy Protocol (SFRP) to achieve network redundancy for high
availability on either a device cluster or individual devices. SFRP provides gateway redundancy for both
IPv4 and IPv6 addresses. You can configure SFRP on routed and hybrid interfaces.
availability on either a device cluster or individual devices. SFRP provides gateway redundancy for both
IPv4 and IPv6 addresses. You can configure SFRP on routed and hybrid interfaces.
If the interfaces are configured on individual devices, they must be in the same broadcast domain. You
must designate at least one of the interfaces as master and an equal number as backup. The system
supports only one master and one backup per IP address. If network connectivity is lost, the system
automatically promotes the backup to master to maintain connectivity.
must designate at least one of the interfaces as master and an equal number as backup. The system
supports only one master and one backup per IP address. If network connectivity is lost, the system
automatically promotes the backup to master to maintain connectivity.
The options you set for SFRP must be the same on all interfaces in a group of SFRP interfaces. Multiple
IP addresses in a group must be in the same master/backup state. Therefore, when you add or edit an IP
address, the state you set for that address propagates to all the addresses in the group. For security
purposes, you must enter values for
IP addresses in a group must be in the same master/backup state. Therefore, when you add or edit an IP
address, the state you set for that address propagates to all the addresses in the group. For security
purposes, you must enter values for
Group ID
and
Shared Secret
that are shared among the interfaces in the
group.
To enable SFRP IP addresses on a virtual router, you must also configure at least one non-SFRP IP
address.
address.
For clustered devices, you designate the shared secret and the system copies it to the cluster peer along
with the SFRP IP configuration. The shared secret authenticates peer data.
with the SFRP IP configuration. The shared secret authenticates peer data.
For more information about clustering devices, see
To configure SFRP:
Access:
Admin/Network Admin
Step 1
Select
Devices > Device Management
.
The Device Management page appears.
Step 2
Next to the device where you want to configure SFRP, click the edit icon (
).
The Interfaces tab for that device appears.
Step 3
Next to the interface where you want to configure SFRP, click the edit icon (
).
The Edit Interface pop-up window appears.
Step 4
Select the type of interface where you want to configure SFRP:
•
Click
Routed
to display the routed interface options.
•
Click
Hybrid
to display the hybrid interface options.
Step 5
You can configure SFRP while adding or editing an IP address:
•
To add an IP address, click
Add
.
•
To edit an IP address, click the edit icon (
).
The Add IP Address or Edit IP Address pop-up window appears.