oxidized icon indicating copy to clipboard operation
oxidized copied to clipboard
verified publisher icon ytti

Cisco FirePower 4115 connection issue

Open imax64 opened this issue 8 months ago • 2 comments

Describe the bug A clear and concise description of what the bug is.

To Reproduce Steps to reproduce the behavior:

  1. Configure '...'
  2. Use model '....'
  3. Run '....'
  4. See error

Expected behavior A clear and concise description of what you expected to happen.

Configuration

If applicable, publish your configuration.

Logs Apr 29 06:40:34 shadow oxidized[3202742]: W, [2025-04-29T06:40:34.665300 #3202742] WARN -- : default/nlhfd-vpn-fw-2 status no_connection, retries exhausted, giving up Apr 29 09:46:37 shadow oxidized[3202742]: W, [2025-04-29T09:46:37.788463 #3202742] WARN -- : default/nlhfd-vpn-fw-2 status no_connection, retry attempt 1 Apr 29 09:46:45 shadow oxidized[3202742]: W, [2025-04-29T09:46:45.798384 #3202742] WARN -- : default/nlhfd-vpn-fw-2 status no_connection, retry attempt 2 Apr 29 09:46:54 shadow oxidized[3202742]: W, [2025-04-29T09:46:54.809425 #3202742] WARN -- : default/nlhfd-vpn-fw-2 status no_connection, retry attempt 3 If applicable, add logs to help explain your problem.


**Running environment (please complete the following information):**
<!-- complete the following information and add further details if needed.
Always test the latest version of oxidized -->
- OS: Cisco IOSXE
- oxidized version: 0.33
- oxidized-web version: [e.g. 0.15.1, if applicable]
- Manufacturer model an software version:
- oxidized model name:

**Additional context**
I believe , based on troubleshooting , the issue resides on the design of the platform. The FireOS/Firepower platform deployment and config works great, but the FP 4115 is a chassis where you deploy VMs, and these VMs cannot do "show inventory". I believe the issue is the null response returned by this command that is causing the issue.

imax64 avatar Apr 29 '25 19:04 imax64

Make no mistake, on all non-chassis units, such as Cisco Firepower series 2000 and 1000 series, this works fine.

On larger series, such as 4000 (where you have to deploy firewalls as VMs or 'contexts' in network language), this always fails. There are no command or login failures, this is executed as confirmed by the tacacs logs, just the queries return null (checked command logs).

From my initial t-shoot, I looked at the return commands and only noticed that "show inventory" comes up null, since its a VM, will have none. Non-chassis VM series (such as Cisco FP 2k or 1k series) do return "show inventory" valid result.

But even skipping the "show inventory" function result null return (replace with empty space "" if null), I still had the same error return.

I am open to any thoughts or test on the matter .

imax64 avatar Apr 29 '25 19:04 imax64

Firepowers offer one of the worst CLI I know. Instead of returning "command unknown", it keeps the old command on the cli, so that you get "show inventoryshow run..." instead. We need a way to wipe the last command on error, I've not looked further in the problem yet.

robertcheramy avatar Apr 30 '25 05:04 robertcheramy