Guest

Preview Tool

Cisco Bug: CSCvt30240 - FDM: Block Flexconfig for physical interfaces that are members of Port-Channels

Last Modified

Jun 02, 2020

Products (1)

  • Cisco Firepower NGFW

Known Affected Releases

6.5.0

Description (partial)

Symptom:
Currently, when a Port-Channel is created on FTD, LINA has no visibility to member interfaces and only the port-channel interface gets allocated to LINA.  That means that on LINA, the interfaces associated with the Port-Channel will "disappear".

However, if the customer tries to send a FlexConfig (e.g. configure description on the interface) to the physical interface that is member of the port-channel, the Flexconfig will be sent and then the physical interface will appear again on the LINA side giving a false indication that the interface is not part of the port-channel anymore:

FDM# sh run interface 
!
interface Port-channel1
 nameif pout
 cts manual
  propagate sgt preserve-untag
  policy static sgt disabled trusted
 security-level 0
 ip address x.x.x.x y.y.y.y
!
interface Ethernet1/3
 description String_here
 shutdown
 no nameif
 no security-level
 no ip address

FDM(local-mgmt)# show portchannel summary 
Flags:  D - Down        P - Up in port-channel (members)
I - Individual  H - Hot-standby (LACP only)
s - Suspended   r - Module-removed
S - Switched    R - Routed
U - Up (port-channel)
M - Not in use. Min-links not met
--------------------------------------------------------------------------------
Group Port-       Type     Protocol  Member Ports
      Channel
--------------------------------------------------------------------------------
1     Po1(U)      Eth      LACP      Eth1/3(U)    Eth1/4(U)

Conditions:
Flexconfig sent to physical interfaces that are members of port-channels.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.