Enable the Physical Interface and Configure Ethernet Settings

This section describes how to:

Enable the physical interface. By default, physical interfaces are disabled (with the exception of the interface).
Set a specific speed and duplex. By default, speed and duplex are set to Auto.

This procedure only covers a small subset of Interface settings. Refrain from setting other parameters at this point. For example, you cannot name an interface that you want to use as part of an EtherChannel interface.

Note	For the Firepower 4100/9300, you configure basic interface settings in FXOS. See Configure a Physical Interface for more information.

Note	For Firepower 1010 switch ports, see Configure Firepower 1010 Switch Ports.

Before you begin

If you changed the physical interfaces on the device after you added it to the management center, you need to refresh the interface listing by clicking Sync Interfaces from device on the top left of Interfaces. For the Secure Firewall 3100, which supports hot swapping, see Manage the Network Module for the Secure Firewall 3100 before you change interfaces on a device.

Procedure

Step 1

Select Devices > Device Management and click Edit ( edit icon ) for your threat defense device. The Interfaces page is selected by default.

Step 2

Click Edit ( edit icon ) for the interface you want to edit.

Step 3

Enable the interface by checking the Enabled check box.

Step 4

(Optional) Add a description in the Description field.

The description can be up to 200 characters on a single line, without carriage returns.

Step 5

(Optional) Set the duplex and speed by clicking Hardware Configuration > Speed.

Duplex—Choose Full or Half. SFP interfaces only support Full duplex.
Speed—Choose a speed (varies depending on the model). (Secure Firewall 3100 only) Choose Detect SFP to detect the speed of the installed SFP module and use the appropriate speed. Duplex is always Full, and auto-negotiation is always enabled. This option is useful if you later change the network module to a different model, and want the speed to update automatically.
Auto-negotiation—Set the interface to negotiate the speed, link status, and flow control.

Forward Error Correction Mode—(Secure Firewall 3100 only) For 25 Gbps and higher interfaces, enable Forward Error Correction (FEC). For an EtherChannel member interface, you must configure FEC before you add it to the EtherChannel. The setting chosen when you use Auto depends on the transceiver type and whether the interface is fixed (built-in) or on a network module.

Default FEC for Auto Setting
Transceiver Type	Fixed Port Default FEC (Ethernet 1/9 through 1/16)	Network Module Default FEC
25G-SR	Clause 74 FC-FEC	Clause 108 RS-FEC
25G-LR	Clause 74 FC-FEC	Clause 108 RS-FEC
10/25G-CSR	Clause 74 FC-FEC	Clause 74 FC-FEC
25G-AOCxM	Clause 74 FC-FEC	Clause 74 FC-FEC
25G-CU2.5/3M	Auto-Negotiate	Auto-Negotiate
25G-CU4/5M	Auto-Negotiate	Auto-Negotiate

Step 6

(Optional) (Firepower 1100) Enable Link Layer Discovery Protocol (LLDP) by clicking Hardware Configuration > LLDP.

Enable LLDP Receive—Enables the firewall to receive LLDP packets from its peers.
Enable LLDP Transmit—Enables the firewall to send LLDP packets to its peers.

Step 7

In the Mode drop-down list, choose one of the following:.

None—Choose this setting for regular firewall interfaces and inline sets. The mode will automatically be changed to Routed, Switched, or Inline based on further configuration.
Passive—Choose this setting for passive IPS-only interfaces.
Erspan—Choose this setting for ERSPAN passive IPS-only interfaces.

Step 8

In the Priority field, enter a number ranging from 0–65535.

This value is used in the policy based routing configuration. The priority is used to determine how you want to distribute the traffic across multiple egress interfaces.

Step 9

Click OK.

Step 10

Click Save.

You can now go to Deploy > Deployment and deploy the policy to assigned devices. The changes are not active until you deploy them.

Step 11

Continue configuring interfaces.