Re: [rancid] FXOS on FirePower 4140

Fri, 08 Feb 2019 12:28:35 -0800 

On 2/8/19 14:02 , Chris Stromsoe wrote:
I'm using fxlogin and fxos.pm from the development branch against a FirePoweer 4140 running 2.4(1.122).  The default command table from rancid.types.base isn't working. 

After logging in to the 4110, I have access to:

fw# show
chassis              cli                  clock

...


If I do a 'connect fxos' I can get running-config and other information:

fw(fxos)# show
aaa                   incompatibility       role
access-lists          ingress-vlan-groups   routing

...

Does the fxos module assume a FirePower running FTD?  I also have access to 
an FP 2110 running FTD and fxos works fine there.



I don't have enough experience with the FirePower platform and fxos to know 
if the current fxos module depends on running FTD, or if there are other 
differences in fxos on the 2110 with FTD and the 4140 that are causing the 
fxos module to fail.


Any pointers or suggestions?



The current fxos module assumes FTD on a 2100 platform (and I'm currently 
testing support for ASA on 2100).  My understanding is that the 4100 and 
9300 have a bit of a different architecture from the 2100, but I've not 
touched those to be able to say how exactly they differ.



It looks like the initial login layer on the 4100 must be different.  Is 
there any other "connect" option from either the initial login layer or the 
fxos layer, where the actual firewall functions are exposed?



On a 2100 the first layer you connect to is the FTD application (similar to 
legacy ASA platform), with a simple ">" prompt and a config syntax like:

> show running-config
: Serial Number: J..........
: Hardware:   FPR-2130, 14854 MB RAM, CPU MIPS 1200 MHz, 1 CPU (12 cores)
:
NGFW Version 6.2.3.4
!
hostname firepower
...
!
interface Ethernet1/1
 nameif border1
...

After that in the fxos layer, the config is more like the the UCS FI:
 > connect fxos
Cisco Firepower Extensible Operating System (FX-OS) Software
xxx-fw01# sho configuration
 scope org
     enter bios-policy SRIOV
         set acpi10-support-config acpi10-support platform-default
...


and there's a much more limited command list available:
xxx-fw01# show
chassis              cli                  clock
configuration        eth-uplink           event
fabric-interconnect  fault                identity
ntp-overall-status   registry-repository  security
sel                  server               system
tech-support         timezone             version

_______________________________________________
Rancid-discuss mailing list
Rancid-discuss@shrubbery.net
http://www.shrubbery.net/mailman/listinfo/rancid-discuss






















					Reply via email to