Cisco Cisco Firepower Management Center 4000

9-5

FireSIGHT System User Guide

Chapter 9 Setting Up Virtual Routers

Configuring Routed Interfaces

To add a logical routed interface:

Access:

Admin/Network Admin

Step 1

Select

Devices > Device Management

The Device Management page appears.

Step 2

Next to the device where you want to add the routed interface, click the edit icon (

The Interfaces tab for that device appears.

Step 3

Click

Add Interface

The Add Interface pop-up window appears.

Step 4

Click

Routed

to display the routed interface options.

Step 5

From the

Interface

drop-down list, select the physical interface where you want to add the logical

interface.

Step 6

In the

VLAN Tag

field, type a tag value that gets assigned to inbound and outbound traffic on this interface.

The value can be any integer from 1 to 4094.

Step 7

Optionally, from the

Security Zone

drop-down list, select an existing security zone or select

New

to add a

new security zone.

Step 8

Optionally, from the

Virtual Router

drop-down list, select an existing virtual router or select

New

to add a

new virtual router.

Note that if you add a new virtual router, you must configure it on the Device Management page (

Devices

> Device Management > Virtual Routers

) after you finish setting up the routed interface. See

Adding Virtual

Routers, page 9-9

Step 9

Select the

Enabled

check box to allow the routed interface to handle traffic.

If you clear the check box, the interface becomes disabled and administratively taken down. If you
disable a physical interface, you also disable all of the logical interfaces associated with it.

Step 10

In the

MTU

field, type a maximum transmission unit (MTU), which designates the largest size packet

allowed. Note that the MTU is the Layer 2 MTU/MRU and not the Layer 3 MTU.

The range within which you can set the MTU can vary depending on the FireSIGHT System device
model and interface type. See

Configuring the Sensing Interface MTU, page 6-63

for more information.

Step 11

Next to

ICMP

, select the

Enable Responses

check box to communicate updates or error information to other

routers, intermediary devices, or hosts.

Step 12

Next to

IPv6 NDP

, select the

Enable Router Advertisement

check box to enable the interface to broadcast

router advertisements.

Step 13

To add an IP address, click

Add

The Add IP Address pop-up window appears.

Step 14

In the

Address

field, type the IP address in CIDR notation. Note the following:

•

You cannot add network and broadcast addresses, or the static MAC addresses 00:00:00:00:00:00
and FF:FF:FF:FF:FF:FF.

•

You cannot add identical IP addresses, regardless of subnet mask, to interfaces in virtual routers.

Step 15

Optionally, if your organization uses IPv6 addresses, next to the

IPv6

field, select the

Address

Autoconfiguration

check box to set the IP address of the interface automatically.

Step 16

For

Type

, select either Normal or SFRP.

For SFRP options, see

Configuring SFRP, page 9-7

for more information.