[rancid] FXOS on FirePower 4140
Erik Muller
erikm at buh.org
Fri Feb 8 20:26:49 UTC 2019
On 2/8/19 14:02 , Chris Stromsoe wrote:
> I'm using fxlogin and fxos.pm from the development branch against a
> FirePower 4140 running 2.4(1.122). The default command table from
> rancid.types.base isn't working.
>
> After logging in to the 4110, I have access to:
>
> fw# show
> chassis cli clock
...
> If I do a 'connect fxos' I can get running-config and other information:
>
> fw(fxos)# show
> aaa incompatibility role
> access-lists ingress-vlan-groups routing
...
> Does the fxos module assume a FirePower running FTD? I also have access to
> an FP 2110 running FTD and fxos works fine there.
>
> I don't have enough experience with the FirePower platform and fxos to know
> if the current fxos module depends on running FTD, or if there are other
> differences in fxos on the 2110 with FTD and the 4140 that are causing the
> fxos module to fail.
>
> Any pointers or suggestions?

The current fxos module assumes FTD on a 2100 platform (and I'm currently
testing support for ASA on 2100). My understanding is that the 4100 and
9300 have a bit of a different architecture from the 2100, but I've not
touched those to be able to say how exactly they differ.

It looks like the initial login layer on the 4100 must be different. Is
there any other "connect" option from either the initial login layer or the
fxos layer, where the actual firewall functions are exposed?

On a 2100 the first layer you connect to is the FTD application (similar to
legacy ASA platform), with a simple ">" prompt and a config syntax like:
> show running-config
: Serial Number: J..........
: Hardware: FPR-2130, 14854 MB RAM, CPU MIPS 1200 MHz, 1 CPU (12 cores)
:
NGFW Version 6.2.3.4
!
hostname firepower
...
!
interface Ethernet1/1
nameif border1
...
After that in the fxos layer, the config is more like the UCS FI:
> connect fxos
Cisco Firepower Extensible Operating System (FX-OS) Software
xxx-fw01# sho configuration
scope org
enter bios-policy SRIOV
set acpi10-support-config acpi10-support platform-default
...
and there's a much more limited command list available:
xxx-fw01# show
chassis cli clock
configuration eth-uplink event
fabric-interconnect fault identity
ntp-overall-status registry-repository security
sel server system
tech-support timezone version