• Managing Cisco Secure Firewall Threat Defense with Cloud-Delivered Firewall Management Center
  • Onboard Devices to Cloud-Delivered Firewall Management Center
  • System Settings
  • Optimize Firewall Performance with AIOps
  • Health and Monitoring
  • Tools
  • Reporting and Alerting
  • Event and Asset Analysis Tools
  • Events and Assets
  • Device Operations
    • Transparent or Routed Firewall Mode
    • Logical Devices on the Firepower 4100/9300
    • Multi-Instance Mode for the Secure Firewall 3100/4200
    • High Availability
    • Clustering for the Secure Firewall 3100/4200
      • About Clustering for the Secure Firewall 3100/4200
      • Licenses for Clustering
      • Requirements and Prerequisites for Clustering
      • Guidelines for Clustering
      • Configure Clustering
      • Manage Cluster Nodes
      • Monitoring the Cluster
      • Troubleshooting the Cluster
        • Perform a Ping on the Cluster Control Link
      • Examples for Clustering
      • Reference for Clustering
      • History for Clustering
    • Clustering for Threat Defense Virtual in a Private Cloud
    • Clustering for Threat Defense Virtual in a Public Cloud
    • Clustering for the Firepower 4100/9300
  • Interfaces and Device Settings
  • Routing
  • Objects and Certificates
  • SD-WAN
  • VPN
  • Access Control
  • Intrusion Detection and Prevention
  • Network Malware Protection and File Policies
  • Policy Tools
  • Encrypted Traffic Handling
  • User Identity
  • Network Discovery
  • FlexConfig Policies
  • Advanced Network Analysis and Preprocessing
  • Advanced Network Analysis in Snort 3
  • Reference

Perform a Ping on the Cluster Control Link

When a node joins the cluster, it checks MTU compatibility by sending a ping to the control node with a packet size matching the cluster control link MTU. If the ping fails, a notification is generated so you can fix the MTU mismatch on connecting switches and try again. This tool lets you manually ping all nodes that have already joined the cluster in case you are having cluster control link connectivity problems.

You can check to make sure all the cluster nodes can reach each other over the cluster control link by performing a ping. One major cause for the failure of a node to join the cluster is an incorrect cluster control link configuration; for example, the cluster control link MTU may be set higher than the connecting switch MTUs.

Procedure

Step 1

Choose Devices > Device Management, click the More (more icon) icon next to the cluster, and choose Cluster Live Status.

Cluster Status
Cluster Status

Step 2

Expand one of the nodes, and click CCL Ping.

CCL Ping
CCL Ping

The node sends a ping on the cluster control link to every other node using a packet size that matches the maximum MTU.

Copyright © 2025, Cisco Systems, Inc. All rights reserved.