Add an EtherChannel Interface for an FDM-Managed Device

EtherChannel Interface Limitations

Depending on the device model, an EtherChannel can include multiple member interfaces. The members must be of the same media type and capacity, and must be set to the same speed and duplex. You cannot mix interface capacities (for example 1GB and 10GB interfaces) by setting the speed to be lower on the larger-capacity interface. The Link Aggregation Control Protocol (LACP) aggregates interfaces by exchanging Link Aggregation Control Protocol Data Units (LACPDUs) between two network devices.

EtherChannel interfaces have a number of limitations based on physical configuration and software versions. See the sections below for more information.

General Interface Limitations

  • EtherChannels are only available on FDM-managed devices running Version 6.5 and later.

  • Cisco Defense Orchestrator supports EtherChannel interface configuration on the following Firepower devices: 1010, 1120, 1140, 1150, 2110, 2120, 2130, 2140, 3110, 3120, 3130, and 3140. For interface limitations per device model, see Device-Specific Requirements.

  • All interfaces in the channel group must be the same media type and capacity, and must be set to the same speed and duplex. The media type can be either RJ-45 or SFP; SFPs of different types (copper and fiber) can be mixed. You cannot mix interface capacities (for example 1GB and 10GB interfaces) by setting the speed to be lower on the larger-capacity interface.

  • The device to which you connect the EtherChannel must also support 802.3ad EtherChannels.

  • The FDM-managed device does not support LACPDUs that are VLAN-tagged. If you enable native VLAN tagging on the neighboring switch using the Cisco IOS vlan dot1Q tag native command, then the FDM-managed device will drop the tagged LACPDUs. Be sure to disable native VLAN tagging on the neighboring switch.

  • All FDM-managed device configuration refers to the logical EtherChannel interface instead of the member physical interfaces.

  • Portchannel interfaces are displayed as physical interfaces.
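
To check whether a neighboring switch is sending VLAN-tagged LACPDUs (the case the limitation above says the FDM-managed device drops), the following added example classifies raw Ethernet frames taken from a packet capture. It is not Cisco code; the function names, verdict strings, and sample frames are constructed for illustration.

```python
import struct

SLOW_PROTOCOLS = 0x8809  # IEEE 802.3 Slow Protocols EtherType (carries LACP)
DOT1Q_TPID = 0x8100      # 802.1Q VLAN tag identifier
LACP_SUBTYPE = 0x01      # Slow Protocols subtype for LACP
LACP_DST = bytes.fromhex("0180c2000002")  # Slow Protocols multicast address


def classify_frame(frame: bytes) -> dict:
    """Classify a raw Ethernet frame (no FCS) as tagged/untagged LACPDU or other."""
    info = {"vlan_id": None, "verdict": "not-lacp"}
    if len(frame) < 15:
        info["verdict"] = "truncated"
        return info
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    payload = 14
    if ethertype == DOT1Q_TPID:
        if len(frame) < 19:
            info["verdict"] = "truncated"
            return info
        tci, ethertype = struct.unpack_from("!HH", frame, 14)
        info["vlan_id"] = tci & 0x0FFF  # low 12 bits of the tag are the VLAN ID
        payload = 18
    if ethertype == SLOW_PROTOCOLS and frame[payload] == LACP_SUBTYPE:
        # Per the limitation above, a tagged LACPDU is dropped by the device.
        info["verdict"] = ("tagged-lacpdu-dropped" if info["vlan_id"] is not None
                           else "untagged-lacpdu-ok")
    return info


def build_sample(tagged: bool, vlan_id: int = 1) -> bytes:
    """Constructed sample LACPDU; actor/partner fields are zero-filled."""
    header = LACP_DST + bytes.fromhex("020000000001")  # constructed source MAC
    if tagged:
        header += struct.pack("!H", DOT1Q_TPID) + struct.pack("!H", vlan_id)
    header += struct.pack("!H", SLOW_PROTOCOLS)
    return header + bytes([LACP_SUBTYPE, 0x01]) + bytes(108)


if __name__ == "__main__":
    for name, frame in (("untagged", build_sample(False)),
                        ("tagged, VLAN 10", build_sample(True, 10))):
        print(name, classify_frame(frame))
```

A "tagged-lacpdu-dropped" verdict on frames arriving from the neighbor indicates that native VLAN tagging is still enabled on the switch side.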

Device-Specific Limitations

The following devices have specific interface limitations:

1000 Series

  • Firepower 1010 supports up to 8 EtherChannel interfaces.

  • Firepower 1120, 1140, and 1150 support up to 12 EtherChannel interfaces.

  • The 1000 series does not support LACP fast rate; LACP always uses the normal rate. This setting is not configurable.

2100 Series

  • Firepower 2110 and 2120 models support up to 12 EtherChannel interfaces.

  • Firepower 2130 and 2140 models support up to 16 EtherChannel interfaces.

  • The 2100 series does not support LACP fast rate; LACP always uses the normal rate. This setting is not configurable.

Secure Firewall 3100 Series

  • All Secure Firewall 3100 models support up to 16 EtherChannel interfaces.

  • The Secure Firewall 3100 models support LACP fast rate.

  • The Secure Firewall 3100 series models do not support enabling or disabling of network modules and breakout online insertion and removal (OIR) of interfaces.

4100 Series and 9300 Series

  • You cannot create or configure EtherChannels on the 4100 and 9300 series. EtherChannels for these devices must be configured in the FXOS chassis.

  • EtherChannels on the 4100 and 9300 series appear in Cisco Defense Orchestrator as physical interfaces.