Ethernet X/68Ethernet X/47
Network activity LEDs
• Off—No connection or port is not in use.
• Amber—No link or network failure.
• Green—Link up.
• Green, flashing—Network activity.
10Ethernet X/89
For More Information
• For a list of copper SFPs, see Supported SFP/SFP+ Transceivers, on page 31.
Hardware Bypass Network Modules
Hardware bypass (also known as fail-to-wire) is a physical layer (Layer 1) bypass that allows paired interfaces
to go into bypass mode so that the hardware forwards packets between these port pairs without software
intervention. Hardware bypass provides network connectivity when there are software or hardware failures.
Hardware bypass is useful on ports where the Firepower security appliance is only monitoring or logging
traffic. The hardware bypass network modules have an optical switch that is capable of connecting the two
ports when needed. The hardware bypass network modules have built-in SFPs.
Hardware bypass is supported only on a fixed set of ports. You can pair Port 1 with Port 2, Port 3 with Port
4, but you cannot pair Port 1 with Port 4 for example.
When the appliance switches from normal operation to hardware bypass or from hardware bypass back to
normal operation, traffic may be interrupted for several seconds. A number of factors can affect the length of
the interruption; for example, behavior of the optical link partner such as how it handles link faults and
debounce timing; spanning tree protocol convergence; dynamic routing protocol convergence; and so on.
During this time, you may experience dropped connections.
Note
There are three configuration options for hardware bypass network modules:
• Passive interfaces—Connection to a single port.
For each network segment you want to monitor passively, connect the cables to one interface. This is
how the nonhardware bypass network modules operate.
• Inline interfaces—Connection to any two like ports (10 Gb to 10 Gb for example) on one network module,
across network modules, or fixed ports.
For each network segment you want to monitor inline, connect the cables to pairs of interfaces.
• Inline with hardware bypass interfaces—Connection of a hardware bypass paired set.
For each network segment that you want to configure inline with fail-open, connect the cables to the
paired interface set.
Cisco Firepower 2100 Series Hardware Installation Guide
22
Overview
Hardware Bypass Network Modules
To Next Page
Loading...
Need help?
General