Cisco Cisco Firepower Management Center 2000 기술 매뉴얼
Contents
Introduction
Prerequisites
Components Used
Network Diagram
Configuration
EIGRP Example
OSPF Example
BGP Example
Verification
EIGRP
OSPF
BGP
Troubleshooting
Introduction
Routing protocols send hello messages and keepalives to exchange routing information and
ensure that neighbors are still reachable. Under heavy load, a Cisco Firepower appliance may
delay a keepalive message (without dropping it) long enough for a router to declare its neighbor
down. The document provides you the steps to create a Trust rule to exclude keepalives and
control plane traffic of a routing protocol. It enables the Firepower appliances or services to switch
packets from ingress to egress interface, without the delay of inspection.
ensure that neighbors are still reachable. Under heavy load, a Cisco Firepower appliance may
delay a keepalive message (without dropping it) long enough for a router to declare its neighbor
down. The document provides you the steps to create a Trust rule to exclude keepalives and
control plane traffic of a routing protocol. It enables the Firepower appliances or services to switch
packets from ingress to egress interface, without the delay of inspection.
Prerequisites
Components Used
The Access Control policy changes on this document use the following hardware platforms:
FireSIGHT Management Center (FMC)
●
Firepower appliance: 7000 series, 8000 series models
●
Note: The information on this document was created from the devices in a specific lab
environment. All of the devices used in this document started with a cleared (default)
configuration. If your network is live, make sure that you understand the potential impact of
any command.
environment. All of the devices used in this document started with a cleared (default)
configuration. If your network is live, make sure that you understand the potential impact of
any command.
Network Diagram
Router A and Router B are layer-2 adjacent, and are unaware of the inline Firepower
appliance (labeled as ips).
appliance (labeled as ips).
●
Router A - 10.0.0.1/24
●
Router B - 10.0.0.2/24
●