Hardware Bypass Network Modules - Cisco Firepower 4100 Series Hardware Installation Manual


Hardware Bypass Network Modules


Fail-to-wire (also known as hardware bypass) is a physical layer (Layer 1) bypass that allows paired interfaces
to go into bypass mode so that the hardware forwards packets between these port pairs without software
intervention. Fail-to-wire provides network connectivity when there are software or hardware failures. Hardware
bypass is useful on ports where the Firepower security appliance is only monitoring or logging traffic. The
hardware bypass network modules have an optical switch that is capable of connecting the two ports when
needed.
The fail-to-wire network modules have built-in SFPs.
Hardware bypass is supported only on a fixed set of ports. You can pair Port 1 with Port 2 and Port 3 with
Port 4, but you cannot pair Port 1 with Port 4, for example.
Note: Hardware bypass is only supported in inline mode. Also, hardware bypass support depends on your software
application.
Note: When the appliance switches from normal operation to hardware bypass or from hardware bypass back to
normal operation, traffic may be interrupted for several seconds. A number of factors can affect the length of
the interruption; for example, behavior of the optical link partner such as how it handles link faults and
debounce timing; spanning tree protocol convergence; dynamic routing protocol convergence; and so on.
During this time, you may experience dropped connections.
There are three configuration options for hardware bypass network modules:
• Passive interfaces—Connection to a single port.
  For each network segment you want to monitor passively, connect the cables to one interface. This is
  how the non-fail-to-wire network modules operate.
• Inline interfaces—Connection to any two like ports (10 G to 10 G for example) on one network module,
  across network modules, or fixed ports.
  For each network segment you want to monitor inline, connect the cables to pairs of interfaces.

[Figure callouts: captive screw/handle; network activity LEDs; Ethernet X/1; Ethernet X/2; Ethernet X/3; Ethernet X/4]

Network activity LEDs
• Off—No connection or port is not in use.
• Amber—No link or network failure.
• Green—Link up.
• Green, flashing—Network activity.

Cisco Firepower 4110, 4120, 4140, and 4150 Hardware Installation Guide