[rancid] FXOS on FirePower 4140
erikm at buh.org
Fri Feb 8 20:26:49 UTC 2019
On 2/8/19 14:02 , Chris Stromsoe wrote:
> I'm using fxlogin and fxos.pm from the development branch against a
> FirePoweer 4140 running 2.4(1.122). The default command table from
> rancid.types.base isn't working.
> After logging in to the 4110, I have access to:
> fw# show
> chassis cli clock
> If I do a 'connect fxos' I can get running-config and other information:
> fw(fxos)# show
> aaa incompatibility role
> access-lists ingress-vlan-groups routing
> Does the fxos module assume a FirePower running FTD? I also have access to
> an FP 2110 running FTD and fxos works fine there.
> I don't have enough experience with the FirePower platform and fxos to know
> if the current fxos module depends on running FTD, or if there are other
> differences in fxos on the 2110 with FTD and the 4140 that are causing the
> fxos module to fail.
> Any pointers or suggestions?
The current fxos module assumes FTD on a 2100 platform (and I'm currently
testing support for ASA on 2100). My understanding is that the 4100 and
9300 have a bit of a different architecture from the 2100, but I've not
touched those to be able to say how exactly they differ.
It looks like the initial login layer on the 4100 must be different. Is
there any other "connect" option from either the initial login layer or the
fxos layer, where the actual firewall functions are exposed?
On a 2100 the first layer you connect to is the FTD application (similar to
legacy ASA platform), with a simple ">" prompt and a config syntax like:
> show running-config
: Serial Number: J..........
: Hardware: FPR-2130, 14854 MB RAM, CPU MIPS 1200 MHz, 1 CPU (12 cores)
NGFW Version 184.108.40.206
After that in the fxos layer, the config is more like the the UCS FI:
> connect fxos
Cisco Firepower Extensible Operating System (FX-OS) Software
xxx-fw01# sho configuration
enter bios-policy SRIOV
set acpi10-support-config acpi10-support platform-default
and there's a much more limited command list available:
chassis cli clock
configuration eth-uplink event
fabric-interconnect fault identity
ntp-overall-status registry-repository security
sel server system
tech-support timezone version
More information about the Rancid-discuss