3 -9
Firepower 7000 Series Hardware Installation Guide
Chapter 3 Installing a Firepower 7000 Series Managed Device
Testing an Inline Bypass Interface Installation
If you are using a direct Ethernet connection to set up the appliance, confirm that the link LED is on for
both the network interface on the local computer and the management interface on the appliance. If the
management interface and network interface LEDs are not lit, try using a crossover cable. For more
information, see
Cabling Inline Deployments on Copper Interfaces, page 6-5
What To Do Next
•
Complete the setup process that allows the new appliance to communicate on your trusted
management network; see the
Firepower 7000 Series Getting Started Guide
.
•
If you are deploying a device with bypass interfaces, test that you properly installed these devices;
see
Testing an Inline Bypass Interface Installation, page 3-9
.
Testing an Inline Bypass Interface Installation
Managed devices with bypass interfaces provide the ability to maintain network connectivity even when
the device is powered off or inoperative. It is important to ensure that you properly install these devices
and quantify any latency introduced by their installation.
Note
Your switch’s spanning tree discovery protocol can cause a 30-second traffic delay. Cisco recommends
that you disable the spanning tree during the following procedure.
The following procedure, applicable only to copper interfaces, describes how to test the installation and
ping latency of an inline bypass interface. You will need to connect to the network to run ping tests and
connect to the managed device console.
Before You Begin
•
Ensure that the interface set type for the Firepower device is configured for inline bypass mode.
See Configuring Inline Sets in the
Firepower Management Center Configuration Guide
for
instructions on configuring an interface set for inline bypass mode.
To test a device with inline bypass interface installation:
Access:
Admin
Step 1
Set all interfaces on the switch, the firewall, and the device sensing interfaces to auto-negotiate.
Note
Firepower System devices require auto-negotiate when using auto-MDIX on the device.
Step 2
Power off the device and disconnect all network cables.
Reconnect the device and ensure you have the proper network connections. Check cabling instructions
for crossover versus straight-through from the device to the switches and firewalls, see
Deployments on Copper Interfaces, page 6-5
.
Step 3
With the device powered off, ensure that you can ping from the firewall through the device to the switch.
If the ping fails, correct the network cabling.
Step 4
Run a continuous ping until you complete step
Step 5
Power the device back on.