Default Settings for Interfaces
This section lists default settings for interfaces.
Default State of Interfaces
The default state of an interface depends on the type.
-
Physical interfaces—Disabled. The exception is the Management interface that is enabled for initial setup. Physical interfaces includes switch ports.
-
VLAN subinterfaces—Enabled. However, for traffic to pass through the subinterface, the physical interface must also be enabled.
-
EtherChannel port-channel interfaces (ISA 3000)—Enabled. However, for traffic to pass through the EtherChannel, the channel group physical interfaces must also be enabled.
-
EtherChannel port-channel interfaces (Firepower and Secure Firewall models)—Disabled.
Note | For the Firepower 4100/9300, you can administratively enable and disable interfaces in both the chassis and in the Cloud-Delivered Firewall Management Center. For an interface to be operational, the interface must be enabled in both operating systems. Because the interface state is controlled independently, you may have a mismatch between the chassis and Cloud-Delivered Firewall Management Center. |
Default Speed and Duplex
By default, the speed and duplex for copper (RJ-45) interfaces are set to auto-negotiate.
By default, the speed and duplex for fiber (SFP) interfaces are set to the maximum speed, with auto-negotiation enabled. If a peer switch connecting to the port over a 50G cable does not support auto-negotiation, ensure to disable auto-negotiation on the switch and the Threat Defense interface as well. For example, N9K-C93400LD-H1 does not support auto-negotiation on a 50G cable. Hence, you must disable the default auto-negotiation on the platform and the switch for the port to be connected.
For the Secure Firewall 3100/4200/6100 the speed is set to detect the installed SFP speed.
ethemet 1/10.