Cisco Firepower 2100 Series, Firepower 2110, Firepower 2120, Firepower 2130, Firepower 2140 Hardware Installation Manual

Cisco Firepower 2100 Series Hardware Installation Guide

First Published: 2017-05-25
Last Modified: 2018-12-07
Americas Headquarters
Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.
The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB's public domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.
NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED "AS IS" WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.
All printed copies and duplicate soft copies of this document are considered uncontrolled. See the current online version for the latest version.
Cisco has more than 200 offices worldwide. Addresses and phone numbers are listed on the Cisco website at www.cisco.com/go/offices.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1721R)
© 2017-2018 Cisco Systems, Inc. All rights reserved.

CONTENTS

CHAPTER 1
Overview
Features
Deployment Options
Package Contents
Serial Number Location
Front Panel
Front Panel LEDs
Rear Panel
Network Modules
10-G Network Module
1-G Network Module
Hardware Bypass Network Modules
1-G SX/10-G SR/10-G LR Network Module with Hardware Bypass
Power Supply Modules
Fan Modules
SSDs
Supported SFP/SFP+ Transceivers
Hardware Specifications
Product ID Numbers
Power Cord Specifications
CHAPTER 2
Installation Preparation
Installation Warnings
Safety Recommendations
Maintain Safety with Electricity
Prevent ESD Damage
Site Environment
Site Considerations
Power Supply Considerations
Rack Configuration Considerations
CHAPTER 3
Mount and Connect
Unpack and Inspect the Chassis
Rack-Mount the Chassis
Rack-Mount the Chassis Using Slide Rails
Ground the Chassis
Connect Cables, Turn on Power, and Verify Connectivity for Cisco Firepower Threat Defense
Connect Cables, Turn on Power, and Verify Connectivity Using Cisco Firepower Management Center
Connect Cables, Turn on Power, and Verify Connectivity for Cisco ASA
CHAPTER 4
Maintenance and Upgrade
Remove and Replace the Network Module
Remove and Replace the SSD
Remove and Replace the Power Supply Module
Connect the DC Power Supply Module
Secure the Power Cord on the Power Supply Module
Remove and Replace the Fan Tray

Overview

• Features
• Deployment Options
• Package Contents
• Serial Number Location
• Front Panel
• Front Panel LEDs
• Rear Panel
• Network Modules
• Hardware Bypass Network Modules
• Power Supply Modules
• Fan Modules
• SSDs
• Supported SFP/SFP+ Transceivers
• Hardware Specifications
• Product ID Numbers
• Power Cord Specifications

Features

The Cisco Firepower 2100 series security appliance is a standalone modular security services platform. The series includes the Firepower 2110, 2120, 2130, and 2140. See Product ID Numbers, on page 30 for a list of the product IDs (PIDs) associated with the 2100 series.
The Firepower 2100 supports Cisco Firepower Threat Defense and Cisco ASA software. The Firepower 2100 is certified for the following security standards on ASA 9.8.x and FTD 6.2.x.
• Common Criteria (CC)
• Federal Information Processing Standards (FIPS)
• Department of Defense Information Network Approved Product List (DoDIN APL)
• US Government Compliance for IPv6 (USGv6)
Note
The Firepower 2130 is Network Equipment Building Systems (NEBS)-certified.
Figure 1: Firepower 2110/2120 and Firepower 2130/2140
See the Cisco Interactive Library for a video that displays the features and components of the Firepower 2100.
The following table lists the features for the Firepower 2100 series.
Table 1: Firepower 2100 Series Features
Form factor
• All models: 1 RU. Fits standard 19-in. (48.3-cm) square-hole rack.
Rack mount
• 2110 and 2120: Yes. Two 2-post mount brackets. (Optional) 4-post EIA-310-D rack.
• 2130 and 2140: Yes. 4-post EIA-310-D rack. (Optional) Two 2-post mount brackets.
Airflow
• All models: Front to rear. Cold aisle to hot aisle.
Intel x86 processor
• 2110: Single 4-core at 1.8 G
• 2120: Single 6-core at 1.9 G
• 2130: Single 8-core at 2.0 G
• 2140: Single 16-core at 1.3 G
Intel x86 memory
• 2110 and 2120: 16 GB DDR4 DRAM
• 2130: 32 GB DDR4 DRAM
• 2140: 64 GB DDR4 DRAM
Cavium Network Processor Unit (NPU)
• 2110: Single 6-core at 1.2 G
• 2120: Single 8-core at 1.2 G
• 2130: Single 12-core at 1.2 G
• 2140: Single 16-core at 1.8 G
Cavium NPU RAM
• 2110 and 2120: 8 G
• 2130 and 2140: 16 G
Flash
• All models: 8 G (nominal)
Maximum number of interfaces
• 2110 and 2120: 16
• 2130 and 2140: 24
Management port
• All models: 1 Gigabit Ethernet (10 M/100 M/1 G Base-T)
Console port
• All models: RJ-45 serial port
USB port
• All models: USB 2.0 Type A (500 mA)
Network ports
• All models: 12 fixed RJ-45 1 G/100 M/10 M ports (named Ethernet 1/1 through 1/12)
SFP ports
• 2110 and 2120: Four fixed 1-G SFP ports
• 2130 and 2140: Four fixed 1-G/10-G SFP+ ports
Pullout asset card
• All models: Yes. Displays serial number.
Grounding lug
• All models: Yes. On rear panel.
Locator beacon
• All models: Yes. On front panel.
Power switch
• All models: Yes. On rear panel.
Network module slots
• 2110 and 2120: No
• 2130 and 2140: One. Not hot-swappable.
Network modules
• 2130 and 2140:
  • 8-port 1-Gigabit Ethernet SFP+
  • 8-port 10-Gigabit Ethernet SFP+
  • 6-port 1-Gigabit Ethernet SX fiber fail-to-wire
  • 6-port 10-Gigabit Ethernet SR fiber fail-to-wire
  • 6-port 10-Gigabit Ethernet LR fiber fail-to-wire
AC power supply
• 2110 and 2120: One fixed AC power supply module
• 2130: Two power supply slots. Ships with one 400-W AC power supply module. Hot-swappable.
• 2140: Two power supply slots. Ships with two 400-W AC power supply modules. Hot-swappable.
DC power supply
• 2110 and 2120: No
• 2130 and 2140: Yes (optional)
Redundant power
• 2110 and 2120: No
• 2130 and 2140: Yes
Fan
• 2110 and 2120: Four fixed fans
• 2130 and 2140: One hot-swappable fan tray with four fans
Storage
• 2110 and 2120: Two SSD slots (100 GB). Ships with one 100-GB SSD installed in slot 1. Slot 2 is reserved for the Malware Storage Pack (MSP).
• 2130 and 2140: Two SSD slots (200 GB). Ships with one 200-GB SSD installed in slot 1. Slot 2 is reserved for the MSP.
MSP
• All models: Yes. Installed in SSD slot 2.

Deployment Options

Here are some examples of how you can deploy the Firepower 2100:
• As a firewall:
  • At the enterprise Internet edge deployed in a high availability configuration
  • At branch offices in either a high availability pair or standalone
• As a device that provides additional application control, URL filtering, or IPS/threat-centric capabilities:
  • Behind an enterprise Internet edge firewall, inline in a transparent bump-in-the-wire configuration or as a standalone (requires hardware fail open network module support)
  • Deployed passively off a SPAN port on a switch or a tap on a network, or standalone
• As a VPN device:
  • For remote access VPN
  • For site-to-site VPN

Package Contents

The following figure shows the package contents for the Firepower 2110 and 2120. The contents are subject to change and your exact contents will contain additional or fewer items depending on whether you order the optional parts. See Product ID Numbers, on page 30 for a list of the PIDs associated with the 2110 and 2120 package contents.
Figure 2: Firepower 2110 and 2120 Package Contents
• Firepower 2110 or 2120 chassis
• Blue console cable PC terminal adapter
• 1 power cord (country-specific)
• SFP transceiver (Optional; in package if ordered)
• 2 rack-mount brackets and six 8-32, 0.281-in. screws
• Rack-mount screws:
  • Four 12-24, 0.75 in.
  • Four 10-32, 0.75 in.
  • Four M6, 19 mm
• Cable management bracket kit: 2 cable management brackets and four 8-32 x 0.375-in. screws (Optional; in package if ordered)
• 1 ground lug kit: #6 AWG lug, two 10-32 x .38-in. screws
• 2 user documents:
  • Useful Links Cisco Firepower 2100 Series document
  • Start Here document
The following figure shows the package contents for the Firepower 2130 and 2140. The contents are subject to change and your exact contents will contain additional or fewer items depending on whether you order the optional parts. See Product ID Numbers, on page 30 for a list of the product IDs (PIDs) associated with the 2130 and 2140 package contents.
Figure 3: Firepower 2130 and 2140 Package Contents
• Firepower 2130 or 2140 chassis
• Blue console cable PC terminal adapter
• 1 or 2 power cords (country-specific)
• SFP transceiver (Optional; in package if ordered)
• Slide rail kit: left and right slide rails and two M3x6 mm wafer head screws
• 2 slide rail locking brackets
• Six 8-32 x .25-in. slide rail locking bracket screws
• Cable management bracket kit: 2 cable management brackets and four 8-32 x 0.375-in. screws (Optional; in package if ordered)
• 2 power supply module tie wraps and clamps
• 1 ground lug kit: #6 AWG lug, two 10-32 x .38-in. screws
• 2 user documents:
  • Useful Links Cisco Firepower 2100 Series document
  • Start Here document

Serial Number Location

The serial number for the Firepower 2100 series chassis is located on the pullout asset card on the front panel.
Figure 4: Serial Number on the Chassis
You can also view additional model information on the compliance label located on the bottom of the chassis.
Figure 5: Compliance Label on the Chassis

Front Panel

The following figure shows the front panel of the Firepower 2110 and 2120. See Front Panel LEDs, on page 10 for a description of the LEDs.
Figure 6: Firepower 2110 and 2120 Front Panel
1. Power LED
2. Gigabit Ethernet management port:
  • Firepower Threat Defense—Management 0 (also referred to as Management 1/1 and Diagnostic 1/1)
  • ASA—Management 1/1
3. 12 RJ-45 1 G/100 M/10 M auto duplex/auto MDI-X Base-T ports. Ethernet 1/1 through 1/12 labeled top to bottom, left to right.
4. SSD 1 (slot 1)
5. Locator beacon
6. System LEDs
7. Type A USB 2.0 port
8. RJ-45 console port
9. Pullout asset card with chassis serial number
10. 4 fixed SFP (1 G) ports. Fiber ports 1/13 through 1/16 labeled left to right.
11. SSD (slot 2)
The following figure shows the front panel of the Firepower 2130 and 2140. See Front Panel LEDs, on page 10 for a description of the LEDs.
Figure 7: Firepower 2130 and 2140 Front Panel
1. Power LED
2. Locator beacon
3. Gigabit Ethernet management port:
  • Firepower Threat Defense—Management 0 (also referred to as Management 1/1 and Diagnostic 1/1)
  • ASA—Management 1/1
4. 12 RJ-45 1 G/100 M/10 M auto duplex/auto MDI-X Base-T ports. Ethernet 1/1 through 1/12 labeled top to bottom, left to right.
5. SSD 1
6. SSD 2
7. System LEDs
8. Type A USB 2.0 port
9. RJ-45 console port
10. Pullout asset card with chassis serial number
11. 4 fixed SFP+ (1 G/10 G) ports. Fiber ports 1/13 through 1/16 labeled left to right.
12. Network module (network module slot 1)
Management Port
The Firepower 2100 chassis has an RJ-45 copper management port.
RJ-45 Console Port
The Firepower 2100 chassis has a standard RJ-45 console port. You can use the CLI to configure your 2100 through the RJ-45 serial console port by using a terminal server or a terminal emulation program on a computer.
The RJ-45 (8P8C) port supports RS-232 signaling to an internal UART controller. The console port does not have any hardware flow control, and does not support a remote dial-in modem. The baud rate is 9600. You can use the standard cable found in your accessory kit to convert the RJ-45 to DB-9 if necessary.
Type A USB Port
You can use the external Type A USB port to attach a data-storage device. The external USB drive identifier is disk1:. The Type A USB port supports the following:
• Hot swapping
• USB drive formatted with FAT32
• Boot kickstart image from ROMMON for discovery recovery purposes
• Copy files to and from workspace:/ and volatile:/ within local-mgmt. The most relevant files are:
  • Core files
  • Ethanalyzer packet captures
  • Tech-support files
  • Security module log files
• Platform bundle image upload using download image usbA:
The Type A USB port does not support Cisco Secure Package (CSP) image upload.
Network Ports
The Firepower 2100 chassis has 12 fixed RJ-45 (1 G/100 M/10 M) ports. They are numbered from top to bottom, left to right starting with 1 and are named Ethernet 1/1 through Ethernet 1/12.
The 2110 and 2120 also have 4 fixed SFP (1 G) ports, and the 2130 and 2140 have 4 fixed SFP+ (1 G/10 G) ports. They are fiber ports numbered left to right (1/13 through 1/16).
Each port has LEDs that represent Link/Activity status.

Front Panel LEDs

The following figure shows the Firepower 2110 and 2120 front panel LEDs.
Figure 8: Firepower 2110 and 2120 Front Panel LEDs
1. PWR
• Off—Input power is not detected. Standby power is off.
• Green, flashing—The system has detected a power switch toggle event, and initiated the shutdown sequence. If the power switch is in the OFF position, the system powers off after shutdown is completed. Do not remove the AC or DC power source while this LED is blinking so that the system has time to perform a graceful shutdown.
• Amber—The system is powering up (before the BIOS boots). This takes one to five seconds at most.
• Green—The system is fully powered up.
2. Locator Beacon
• Off—Locate is off.
• Blue—Locate is on.
Note
The Locator beacon helps you locate a unit that needs physical service attention. This feature is activated in the software.
3. SYS (Health)
• Off—The system has not booted up yet.
• Green, flashing—The system is booting up or in bootloader stage.
• Green—The system has fully booted.
• Amber—The system boot up has failed.
• Amber, flashing—Alarm condition, system needs service or attention and may not boot properly.
4. ACT (Role of a high-availability pair)
• Off—The unit is not configured or enabled in a high-availability pair.
• Green—The unit is in active mode.
• Amber—The unit is in standby mode.
5. SSD1 ACT
• Off—SSD is not present.
• Green—SSD is present; no activity.
• Green, flashing—SSD is active.
6. SSD2 ACT
• Off—SSD is not present.
• Green—SSD is present; no activity.
• Green, flashing—SSD is active.
7. FAN
• Off—The environmental subsystem is not active yet.
• Green—The fans are running normally. It may take up to one minute for the LED status to turn green after power is on.
• Amber—One fan has failed. The system can continue to operate normally, but fan service is required.
• Amber, flashing—Two or more fans have failed, or the fan tray has been removed from the system. Immediate attention is required.
8. SSD1 Alert Status
• Off—SSD has normal activity.
• Amber—SSD failure.
9. SSD2 Alert Status
• Off—SSD has normal activity.
• Amber—SSD failure.
10. Ethernet Link
• Green—The link partner is detected; no activity.
• Green, flashing—Network activity is detected.
11. Ethernet Speed
• Green, flashing—The number of flashes determines link speed; 1 flash=10 Mbit, 2=100 Mbit, 3=1 Gbit.
12. Fiber Port
• Green—Port is enabled, the link partner is detected.
• Amber—Port is enabled, but the link partner is not detected.
• Green, flashing—Port is enabled; network activity is detected.
The following figure shows the Firepower 2130 and 2140 front panel LEDs.
Figure 9: Firepower 2130 and 2140 Front Panel LEDs
1. Power
• Off—Input power is not detected. Standby power is off.
• Green, flashing—The system has detected a power switch toggle event, and initiated the shutdown sequence. If the power switch is in the OFF position, the system powers off after shutdown is completed. Do not remove the AC or DC power source while this LED is blinking so that the system has time to perform a graceful shutdown.
• Amber—The system is powering up (before the BIOS boots). This takes one to five seconds at most.
• Green—The system is fully powered up.
2. Locator LED
• Off—Locate is off.
• Blue—Locate is on.
Note
The Locator beacon helps you locate a unit that needs physical service attention. This feature is activated in the software.
3. SYS (Health)
• Off—The system has not booted up yet.
• Green, flashing—The system is booting up or in bootloader stage.
• Green—The system has fully booted.
• Amber—The system boot up has failed.
• Amber, flashing—Alarm condition, system needs service or attention and may not boot properly.
4. ACT (Role of a high-availability pair)
• Off—The unit is not configured or enabled in a high-availability pair.
• Green—The unit is in active mode.
• Amber—The unit is in standby mode.
5. SSD1 ACT
• Off—The SSD is not present.
• Green—The SSD is present; no activity.
• Green, flashing—The SSD is active.
6. SSD2 ACT
• Off—The SSD is not present.
• Green—The SSD is present; no activity.
• Green, flashing—The SSD is active.
7. PSU-1
• Off—The power supply module is not present or not detected.
• Green—The power supply module is present and working properly.
• Amber—The power supply module is present but a fault or problem has been detected.
8. PSU-2
• Off—The power supply module is not present or not detected.
• Green—The power supply module is present and working properly.
• Amber—The power supply module is present but a fault or problem has been detected.
9. FAN
• Off—The environmental subsystem is not active yet.
• Green—The fans are running normally. It may take up to one minute for the LED status to turn green after power is on.
• Amber—One fan has failed. The system can continue to operate normally, but fan service is required.
• Amber, flashing—Two or more fans have failed, or the fan tray has been removed from the system. Immediate attention is required.
10. SSD1 Alert Status
• Off—SSD has normal activity.
• Amber—SSD failure.
11. SSD2 Alert Status
• Off—SSD has normal activity.
• Amber—SSD failure.
12. Ethernet Link
• Green—The link partner is detected; no activity.
• Green, flashing—Network activity is detected.
13. Ethernet Speed
• Green, flashing—The number of flashes determines link speed; 1 flash=10 Mbit, 2=100 Mbit, 3=1 Gbit.
14. Fiber Port
• Green—Port is enabled, the link partner is detected.
• Amber—Port is enabled, but the link partner is not detected.
• Green, flashing—Port is enabled; network activity is detected.

Rear Panel

The following figure shows the rear panel of the Firepower 2110 and 2120.
Figure 10: Firepower 2110 and 2120 Rear Panel
1. Power on/off switch
2. Fixed power supply module
3. Fixed fans
4. 2-post grounding lug
Note
The 2-post grounding lug is included in the accessory kit.
The following figure shows the rear panel of the Firepower 2130 and 2140.
Figure 11: Firepower 2130 and 2140 Rear Panel
1. Power on/off switch
2. Power supply module 1 FAIL LED
3. Power supply module 2 FAIL LED
4. Power supply module 1
5. Power supply module 1 OK LED
6. Fan tray
7. Power supply module 2
8. Power supply module 2 OK LED
9. 2-post grounding lug
Note
The 2-post grounding lug is included in the accessory kit.
Power Switch
The power switch is located to the left of power supply module 1 on the rear of the chassis. It is a toggle switch that controls power to the system. If the power switch is in standby position, only the 3.3-V standby power is enabled from the power supply module and the 12-V main power is OFF. When the switch is in the ON position, the 12-V main power is turned on and the system boots.
Before you move the power switch to the OFF position, use the shutdown commands so that the system can perform a graceful shutdown. This may take several minutes to complete. After the graceful shutdown is completed, the front panel power LED is unlit and the console displays Power Down. See the FXOS Configuration Guide for more information on using these commands.
Caution
If you move the power switch to the OFF position before the shutdown command sequence has completed or if you remove the system power cords before the graceful shutdown is complete, disk corruption can occur.
Note
After removing power from the chassis by unplugging the power cord, wait at least 10 seconds before turning power back ON.
For More Information
• See Remove and Replace the Power Supply Module, on page 70 for the procedure for removing and replacing the power supply module in the Firepower 2130 and 2140.
• See Remove and Replace the Fan Tray, on page 78 for the procedure for removing and replacing the fan tray in the Firepower 2130 and 2140.
• See Ground the Chassis, on page 54 for the procedure for using the grounding lug to ground the chassis.
• See Power Supply Modules, on page 23 for a description of the power supply module LEDs.
• See Front Panel LEDs, on page 10 for a description of the fan LEDs.

Network Modules

The Firepower 2130 and 2140 contain one network module slot that provides optical or electrical network interfaces. Network modules are optional, removable I/O modules that provide either additional ports or different interface types. The Firepower network module plugs into the chassis on the front panel.
For More Information
• See 10-G Network Module, on page 17 for a description of the 10-G network module.
• See Supported SFP/SFP+ Transceivers, on page 26 for a list of supported SFPs.
• See Remove and Replace the Network Module, on page 67 for the procedure for removing and replacing network modules.

10-G Network Module

The following figure shows the front panel of the 10-G network module (FPR2K-NM-8X10G). The FPR2K-NM-8X10G is a single-wide module that supports hot swapping. The eight ports are numbered from top to bottom, left to right.
Note
The FPR2K-NM-8X10G is NEBS-compliant.
Note
You can fit four copper SFPs in either the top row of ports or the bottom row of ports. Both rows cannot be populated at the same time, because of the port row spacing.
Figure 12: FPR2K-NM-8X10G
1. Captive screw/handle
2. Ethernet X/1
3. Ethernet X/3
4. Ethernet X/5
5. Ethernet X/7
6. Ethernet X/2
7. Ethernet X/4
8. Ethernet X/6
9. Ethernet X/8
10. Network activity LEDs
• Off—No connection or port is not in use.
• Amber—No link or network failure.
• Green—Link up.
• Green, flashing—Network activity.

1-G Network Module

The following figure shows the front panel of the 1-G network module (FPR2K-NM-8X1G). The FPR2K-NM-8X1G is a single-wide module that supports hot swapping. The eight ports are numbered from top to bottom, left to right.
Note
You can fit four copper SFPs in either the top row of ports or the bottom row of ports. Both rows cannot be populated at the same time, because of the port row spacing. For a list of copper SFPs, see Supported SFP/SFP+ and QSFP Transceivers.
Figure 13: FPR2K-NM-8X1G
1. Captive screw/handle
2. Ethernet X/1
3. Ethernet X/3
4. Ethernet X/5
5. Ethernet X/7
6. Ethernet X/2
7. Ethernet X/4
8. Ethernet X/6
9. Ethernet X/8
10. Network activity LEDs
• Unlit—No connection or port is not in use.
• Amber—No link or network failure.
• Green—Link up.
• Green, flashing—Network activity.

Hardware Bypass Network Modules

Fail-to-wire (also known as hardware bypass) is a physical layer (Layer 1) bypass that allows paired interfaces to go into bypass mode so that the hardware forwards packets between these port pairs without software intervention. Fail-to-wire provides network connectivity when there are software or hardware failures. Hardware bypass is useful on ports where the Firepower security appliance is only monitoring or logging traffic. The hardware bypass network modules have an optical switch that is capable of connecting the two ports when needed.
The fail-to-wire network modules have built-in SFPs.
Hardware bypass is supported only on a fixed set of ports. You can pair Port 1 with Port 2 or Port 3 with Port 4, but you cannot, for example, pair Port 1 with Port 4.
Note
Hardware bypass is only supported in inline mode. Also, hardware bypass support depends on your software application.
Note
When the appliance switches from normal operation to hardware bypass or from hardware bypass back to normal operation, traffic may be interrupted for several seconds. A number of factors can affect the length of the interruption; for example, behavior of the optical link partner such as how it handles link faults and debounce timing; spanning tree protocol convergence; dynamic routing protocol convergence; and so on. During this time, you may experience dropped connections.
There are three configuration options for hardware bypass network modules:
• Passive interfaces—Connection to a single port.
For each network segment you want to monitor passively, connect the cables to one interface. This is how the non-fail-to-wire network modules operate.
• Inline interfaces—Connection to any two like ports (10 G to 10 G for example) on one network module, across network modules, or fixed ports.
For each network segment you want to monitor inline, connect the cables to pairs of interfaces.
• Inline with fail-to-wire interfaces—Connection of a fail-to-wire paired set.
For each network segment that you want to configure inline with fail-open, connect the cables to the paired interface set.
For the 40-G network module, you connect the two ports to form a paired set. For the 1/10-G network modules, you connect the top port to the bottom port to form a fail-to-wire paired set. This allows traffic to flow even if the security appliance fails or loses power.
Note
If you have an inline interface set with a mix of fail-to-wire and non-fail-to-wire interfaces, you cannot enable hardware bypass on this inline interface set. You can only enable hardware bypass on an inline interface set if all the pairs in the inline set are valid fail-to-wire pairs.
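The pairing rules above can be checked against a cabling plan before hardware bypass is enabled, so that a segment expected to fail open actually can. The following Python sketch is an added example, not Cisco code: the function names, the `ftw_slots` input and the sample slot number 2 are assumptions, while the fixed port pairs (1 and 2, 3 and 4, 5 and 6) and the rule that every pair in the inline set must be a valid fail-to-wire pair come from this guide.

```python
import re

# Fixed fail-to-wire pairs on the 6-port hardware bypass modules described
# in this guide: ports 1+2, 3+4 and 5+6 (top port with the port below it).
FTW_PAIRS = {frozenset((1, 2)), frozenset((3, 4)), frozenset((5, 6))}

# Interfaces are written "Ethernet X/N" in the guide: X = slot, N = port.
_IFACE = re.compile(r"^Ethernet\s*(\d+)/(\d+)$", re.IGNORECASE)


def parse_interface(name):
    """Split a name such as 'Ethernet 2/3' into (slot, port) integers."""
    match = _IFACE.match(name.strip())
    if match is None:
        raise ValueError(f"not an 'Ethernet X/N' interface name: {name!r}")
    return int(match.group(1)), int(match.group(2))


def check_inline_set(pairs, ftw_slots):
    """Decide whether hardware bypass can be enabled on an inline set.

    pairs     -- list of (interface, interface) tuples in the planned set
    ftw_slots -- slot numbers holding a fail-to-wire network module
                 (supplied by the caller; an assumption of this example)
    Returns (ok, problems). ok is True only when every pair is a valid
    fail-to-wire pair, which is the all-or-nothing rule in the note above.
    """
    problems = []
    if not pairs:
        problems.append("inline set has no interface pairs")
    for first, second in pairs:
        slot_a, port_a = parse_interface(first)
        slot_b, port_b = parse_interface(second)
        label = f"{first} <-> {second}"
        if slot_a not in ftw_slots or slot_b not in ftw_slots:
            problems.append(f"{label}: not on a fail-to-wire network module")
        elif slot_a != slot_b:
            problems.append(f"{label}: pair spans two network modules")
        elif frozenset((port_a, port_b)) not in FTW_PAIRS:
            problems.append(f"{label}: ports are not a fixed bypass pair")
    return (not problems, problems)


# Constructed sample plans; slot 2 as the fail-to-wire module is assumed.
SAMPLE_PLANS = {
    "all-bypass": [("Ethernet 2/1", "Ethernet 2/2"),
                   ("Ethernet 2/3", "Ethernet 2/4")],
    "mixed": [("Ethernet 2/5", "Ethernet 2/6"),
              ("Ethernet 1/1", "Ethernet 1/2")],
    "wrong-pair": [("Ethernet 2/1", "Ethernet 2/4")],
}


def review_plans(plans, ftw_slots):
    """Run check_inline_set over several named plans."""
    return {name: check_inline_set(pairs, ftw_slots)
            for name, pairs in plans.items()}


if __name__ == "__main__":
    for name, (ok, problems) in review_plans(SAMPLE_PLANS, {2}).items():
        print(name, "-> hardware bypass possible" if ok else "-> blocked")
        for problem in problems:
            print("   ", problem)
```
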
For More Information
• See 1-G SX/10-G SR/10-G LR Network Module with Hardware Bypass, on page 20 for a description of the 1-G SX, 10-G SR, and LR network modules.
• See Remove and Replace the Network Module, on page 67 for the procedure for removing and replacing single-wide network modules.

1-G SX/10-G SR/10-G LR Network Module with Hardware Bypass

The following figure shows the front panel of the 1-G SX, 10-G SR and 10-G LR fail-to-wire network modules (FPR2K-NM-6X1SX-F, FPR2K-NM-6X10SR-F, FPR2K-NM-6X10LR-F). This is a single-wide module that does not support hot swapping. The six ports are numbered from top to bottom, left to right. Pair ports 1 and 2, 3 and 4, and 5 and 6 to form hardware bypass paired sets.
Figure 14: FPR2K-NM-6X1SX-F, FPR2K-NM-6X10SR-F, FPR2K-NM-6X10LR-F
1. Captive screw/handle
2. 6 network activity LEDs
• Amber—No connection, or port is not in use, or no link or network failure.
• Green—Link up, no network activity.
• Green, flashing—Network activity.
3. Bypass LEDs B1 through B3:
• Green—In standby mode.
• Amber, flashing—Port is in hardware bypass mode, failure event.
• Amber—Port is in hardware bypass mode, forced.
4. Ethernet X/1 (top port) and Ethernet X/2 (bottom port). Ports 1 and 2 are paired together to form a hardware bypass pair.
5. Ethernet X/3 (top port) and Ethernet X/4 (bottom port). Ports 3 and 4 are paired together to form a hardware bypass pair.
6. Ethernet X/5 (top port) and Ethernet X/6 (bottom port). Ports 5 and 6 are paired together to form a hardware bypass pair.
The 1-G SX/10-G SR/10-G LR network modules have the following insertion loss measurements. Insertion loss measurements help you to troubleshoot the network by verifying cable installation and performance.
Table 2: 1-G SX Network Module (FPR2K-NM-6X1SX-F)
Insertion loss
Operating Mode | Typical | Maximum
Normal | 0.9 dB | 1.4 dB
Hardware bypass | 1.2 dB | 1.7 dB
Cable and operating distance
Core diameter (microns) | Modal bandwidth (MHz/km) | Cable distance
62.5 | 160 (FDDI) | 110 m
62.5 | 200 (OM1) | 137 m
50 | 400 | 250 m
50 | 500 (OM2) | 275 m
50 | 2000 (OM3) | 500 m
Note
Half the distance specified by the IEEE standard.
Table 3: 10-G SR Network Module (FPR2K-NM-6X10SR-F)
Insertion loss
Operating Mode | Typical | Maximum
Normal | 0.9 dB | 1.4 dB
Hardware bypass | 1.2 dB | 1.7 dB
Cable and operating distance
Core diameter (microns) | Modal bandwidth (MHz/km) | Cable distance
62.5 | 160 (FDDI) | 13 m
62.5 | 200 (OM1) | 16.5 m
50 | 400 | 33 m
50 | 500 (OM2) | 41 m
50 | 2000 (OM3) | 150 m
50 | 4700 (OM4) | 200 m
Note
Half the distance specified by the IEEE standard.
Table 4: 10-G LR Network Module (FPR2K-NM-6X10LR-F)
Insertion loss
Operating Mode | Typical | Maximum
Normal | 1.2 dB | 1.6 dB
Hardware bypass | 1.5 dB | 1.9 dB