Using the LCD Panel on a Firepower Device

Firepower devices allow you to view device information or configure certain settings using an LCD panel on the front of the device instead of the system’s web interface.

The LCD panel has a display and four multi-function keys, and operates in multiple modes that show different information and allow different configurations depending on the state of the device.

For more information, see the following sections:

Caution Allowing reconfiguration using the LCD panel may present a security risk. You need only physical access, not authentication, to configure using the LCD panel.
  • System Status Mode explains how you can view monitored system information, such as link state propagation, bypass status, and system resources, as well as change the LCD panel brightness and contrast.
  • Information Mode explains how you can view identifying system information such as the device’s chassis serial number, IP address, model, and software and firmware versions.
  • Error Alert Mode describes how the LCD panel communicates error or fault conditions; for example, bypass, fan status, or hardware alerts.

Note The device must be powered on to use the LCD panel. For information on how to safely power on or shut down the device, see the Managing Devices chapter in the Firepower Management Center Configuration Guide.

Understanding LCD Panel Components

The LCD panel on the front of a Firepower device has a display and four multi-function keys:

  • The display contains two lines of text (up to 17 characters each), as well as the multi-function key map. The map indicates, with symbols, the actions that you can perform with the corresponding multi-function keys.
  • The multi-function keys allow you to view system information and complete basic configuration tasks, which vary according to the mode of the LCD panel. For more information, see Using the LCD Multi-Function Keys.

The following graphic shows the panel’s default Idle Display mode, which does not include a key map.

Figure 4-1 LCD Panel, Idle Display mode

 

In Idle Display mode, the panel alternates between displaying the CPU utilization and free memory available, and the chassis serial number. Press any key to interrupt the Idle Display mode and enter the LCD panel’s main menu where you can access Network Configuration, System Status, and Information modes.

The following graphic shows the main menu, which has a key map that corresponds to the four multi-function keys (top left, top right, bottom left, and bottom right).

Figure 4-2 LCD Panel, main menu

 

To access the main menu:

Step 1 In Idle Display mode, press any multi-function key.

The main menu appears:

Note Pressing a multi-function key as the LCD panel enters Idle Display mode can cause the panel to display an unexpected menu.

 

Using the LCD Multi-Function Keys

Four multi-function keys allow you navigate the menus and options on the LCD panel. You can use the multi-function keys when a key map appears on the display. A symbol’s location on the map corresponds to the function and location of the key used to perform that function. If no symbol is displayed, the corresponding key has no function.

Tip The function of a symbol, and therefore the key map, varies according the LCD panel mode. If you do not get the result you expect, check the mode of the LCD panel.

The following table explains the multi-function key functions.

 

Table 4-1 LCD Panel Multi-Function Keys

Symbol
Description
Function

 

Up arrow

Scrolls up the list of current menu options.

 

Down arrow

Scrolls down the list of current menu options.

 

Left arrow

Performs one of the following actions:

  • Takes no action and displays the LCD panel menu.
  • Moves the cursor to the left.
  • Re-enables editing.

 

Right arrow

Performs one of the following actions:

  • Enters the menu option displayed on that line.
  • Moves the cursor to the right.
  • Scrolls through continued text.

X

Cancel

Cancels the action.

+

Add

Increases the selected digit by one.

-

Subtract

Decreases the selected digit by one.

 

Check mark

Accepts the action.

Idle Display Mode

The LCD panel enters Idle Display mode after 60 seconds of inactivity (you have not pressed any multi-function keys) with no detected errors. If the system detects an error, the panel enters Error Alert mode (see Error Alert Mode) until the error is resolved. Idle Display mode is also disabled when you are editing your network configuration or running diagnostics.

In Idle Display mode, the panel alternates (at five second intervals) between displaying the CPU utilization and free memory available and the chassis serial number.

A sample of each display might look like this:

CPU: 50%
FREE MEM: 1024 MB

or:

Serial Number:
3D99-101089108-BA0Z

In Idle Display mode, press any multi-function key to enter the main menu; see Understanding LCD Panel Components.

Note Pressing a multi-function key as the LCD panel enters Idle Display mode can cause the panel to display an unexpected menu.

Network Configuration Mode

The Firepower System provides a dual stack implementation for both IPv4 and IPv6 management environments. In Network Configuration mode, you can use the LCD panel to configure the network settings for a Firepower device’s management interface: the IP address, subnet mask or prefix, and default gateway.

If you edit the IP address of a Firepower device using the LCD panel, confirm that the changes are reflected on the managing Management Center. In some cases, you may need to edit the device management settings manually. See the for more information.

By default, the ability to change network configuration using the LCD panel is disabled. You can enable it during the initial setup process, or using the device’s web interface. For more information, see Allowing Network Reconfiguration Using the LCD Panel.

Caution Enabling this option may present a security risk. You need only physical access, not authentication, to configure network settings using the LCD panel.

To configure network settings using Network Configuration mode:

Step 1 In Idle Display mode, press any multi-function key to enter the main menu.

The main menu appears:

Network Config
System Status

Step 2 Press the right arrow (à) key on the top row to access Network Configuration mode.

The LCD panel displays the following:

IPv4

IPv6

Step 3 Press the right arrow key to select the IP address you want to configure:

    • For IPv4, the LCD panel might display the following:

IPv4 set to DHCP.

Enable Manual?

    • For IPv6, the LCD panel might display the following:

IPv6 Disabled.

Enable Manual?

Step 4 Press the right arrow key to manually configure the network:

    • For IPv4, the LCD panel displays the IPv4 address. For example:

IPv4 Address: - +

194.170.001.001 X

    • For IPv6, the LCD panel displays a blank IPv6 address. For example:

IPv6 Address: - +

0000:0000:0000:00 X

The first line on the panel indicates whether you are editing the IPv4 or IPv6 address. The second line displays the IP address you are editing. A cursor underlines the first digit, and represents the digit you are editing. The two symbols correspond with the multi-function keys to the right of each row.

Note that the IPv6 address does not fit completely on the display. As you edit each digit and move the cursor to the right, the IPv6 address scrolls to the right.

Step 5 Edit the digit underlined by the cursor, if needed, and move to the next digit in the IP address:

    • To edit the digit, press the minus (-) or plus (+) keys on the top row to decrease or increase the digit by one.
    • To move to the next digit in the IP address, press the right arrow key on the bottom row to move the cursor to the next digit to the right.

With the cursor on the first digit, the LCD panel displays the cancel and right arrow symbols at the end of the IP address. With the cursor on any other digit, the LCD panel displays the left and right arrow symbols.

Step 6 When you finish editing the IPv4 or IPv6 address, press the right arrow key again to display the check mark ( ) key to accept the changes.

Before you press the right arrow key, the function symbols on the display looks like the following sample:

IPv4 Address: - +

194.170.001.001 X

After you press the right arrow key, the function symbols on the display looks like the following sample:

IPv4 Address: X

194.170.001.001

Step 7 Press the check mark key to accept the changes to the IP address.

For IPv4, the LCD panel displays the following:

Subnet Mask: - +

000.000.000.000 X

For IPv6, the LCD panel displays the following:

Prefix: - +

000.000.000.000 X

Step 8 Edit the subnet mask or prefix the same way you edited the IP address, and press the check mark key to accept the changes.

The LCD panel displays the following:

Default Gateway - +

000.000.000.000 X

Step 9 Edit the default gateway the same way you edited the IP address, and press the check mark key to accept the changes.

The LCD panel displays the following:

Save?

X

Step 10 Press the check mark key to save your changes.

 

Allowing Network Reconfiguration Using the LCD Panel

Because it presents a security risk, the ability to change network configuration using the LCD panel is disabled by default. You can enable it during the initial setup process (see the Initial Device Setup section in the Cisco Firepower 7000 Series Getting Started Guide ), or using the device’s web interface as described in the following procedure.

To allow network reconfiguration using a device’s LCD panel:

Access: Admin

Step 1 After you complete the initial setup of the device, log into the device’s web interface using an account with Administrator privileges.

Step 2 Select System > Local > Configuration .

The Information page appears.

Step 3 Click Network .

The Network Settings page appears.

Step 4 Under LCD Panel, select the Allow reconfiguration of network configuration check box. When the security warning appears, confirm that you want to enable this option.

Tip For information on the other options on this page, see the Firepower Management Center Configuration Guide.

Step 5 Click Save .

The network settings are changed.

 

System Status Mode

The LCD panel’s System Status mode displays monitored system information, such as link state propagation, bypass status, and system resources. You can also change the LCD panel’s brightness and contrast in System Status mode.

The following table describes the information and options available in this mode.

 

Table 4-2 System Status Mode Options

Option
Description

Resources

Displays the CPU utilization and free memory available. Note that Idle Display mode also shows this information.

Link State

Displays a list of any inline sets currently in use and the link state status for that set. The first line identifies the inline set, and the second line displays its status (normal or tripped). For example:

eth2-eth3:
normal

Fail Open

Displays a list of the bypass inline sets in use and the status of those pairs, either normal or in bypass.

Fan Status

Displays a list and the status of the fans in the device.

Diagnostics

Accessible after pressing a specific key sequence available from Support.

Caution Do not access the diagnostics menu without the guidance of Support. Accessing the diagnostics menu without specific instructions from Support can damage your system.

LCD Brightness

Allows you to adjust the brightness of the LCD display.

LCD Contrast

Allows you to adjust the contrast of the LCD display.

To enter System Status mode and view monitored system information:

Step 1 In Idle Display mode, press any multi-function key to enter the main menu.

The main menu appears:

Network Config
System Status

Step 2 Press the right arrow ( ) key on the bottom row to access System Status mode.

The LCD panel displays the following:

Resources
Link State

Step 3 Scroll through the options by pressing the down arrow (â) key. Press the right arrow key in the row next to the status you want to view.

Depending on the option you chose, the LCD panel displays the information listed in Table 4-2. To change the LCD panel brightness or contrast, see the next procedure.

 

To adjust the LCD panel brightness or contrast:

Step 1 In System Status mode, scroll through the options by pressing the down arrow (â) key until the LCD panel displays the LCD Brightness and LCD Contrast options:

LCD Brightness
LCD Contrast

Step 2 Press the right arrow key in the row next to the LCD display feature (brightness or contrast) you want to adjust.

The LCD panel displays the following:

Increase
Decrease

Step 3 Press the right arrow key to increase or decrease the display feature you have selected.

The LCD display changes as you press the keys.

Step 4 Press the down arrow to display the Exit option:

Decrease
Exit

Step 5 Press the right arrow key in the Exit row to save the setting and return to the main menu.

 

Information Mode

The LCD panel’s Information mode displays identifying system information such as the device’s chassis serial number, IP address, model, and software and firmware versions. Support may require this information if you call for assistance.

The following table describes the information available in this mode.

 

Table 4-3 Information Mode Options

Option
Description

IP address

Displays the IP address of the device’s management interface.

Model

Displays the device’s model.

Serial number

Displays the device’s chassis serial number.

Versions

Displays the device’s system software and firmware versions. Use the multi-function keys to scroll through the following information:

  • Product version
  • NFE version
  • Micro Engine version
  • Flash version
  • GerChr version

To enter Information mode and view identifying system information:

Step 1 In Idle Display mode, press any multi-function key to enter the main menu.

The main menu appears:

Network Config
System Status

Step 2 Scroll through the modes by pressing the down arrow (â) key until the LCD panel displays Information mode:

System Status
Information

Step 3 Press the right arrow ( ) key on the bottom row to access Information mode.

Step 4 Scroll through the options by pressing the down arrow (â) key. Press the right arrow key in the row next to the information you want to view.

Depending on the option you chose, the LCD panel displays the information listed in Table 4-3.

 

Error Alert Mode

When a hardware error or fault condition occurs, Error Alert mode interrupts Idle Display mode. In Error Alert mode, the LCD display flashes and displays one or more of the errors listed in the following table.

 

Table 4-4 LCD Panel Error Alerts

Error
Description

Hardware alarm

Alerts on hardware alarms

Link state propagation

Displays the link state of paired interfaces

Bypass

Displays the status of inline sets configured in bypass mode

Fan status

Alerts when a fan reaches a critical condition

When a hardware error alert occurs, the LCD displays the main hardware alert menu, as follows:

HARDWARE ERROR!
Exit

You can use the multi-function keys to scroll through the list of error alerts or exit Error Alert mode. Note that the LCD display continues to flash and display an alert message until all error conditions are resolved.

The LCD panel always displays the platform daemon error message first, followed by a list of other hardware error messages. The following table provides basic information on Firepower device error messages, where X indicates the NFE accelerator card ( 0 or 1 ) that generated the alert.

 

Table 4-5 Hardware Alarm Error Messages

Error Message
Condition Monitored
Description

NFE_platformd X

platform daemon

Alerts when the platform daemon fails.

NFE_temp X

temperature status

Alerts when the temperature of the accelerator card exceeds acceptable limits:

  • WARNING : greater than 80°C/176°F (7000 Series) or 97°C/206°F (8000 Series).
  • CRITICAL : greater than 90°C/194°F (7000 Series) or 102°C/215°F (8000 Series).

HeartBeat X

heartbeat

Alerts when the system cannot detect the heartbeat.

frag X

nfe_ipfragd (host frag) daemon

Alerts when the ipfragd daemon fails.

rules X

Rulesd (host rules) daemon

Alerts when the Rulesd daemon fails.

TCAM X

TCAM daemon

Alerts when the TCAM daemon fails.

NFEMessD X

message daemon

Alerts when the message daemon fails.

NFEHardware

hardware status

Alerts when one or more accelerator cards is not communicating.

NFEcount

cards detected

Alerts when the number of accelerator cards detected on the device does not match the expected accelerator card count for the platform.

7000 Series only: GerChr_comm

8000 Series only:
NMSB_comm

communications

Alerts when the media assembly is not present or not communicating.

7000 Series only: gerd

8000 Series only:
scmd

scmd daemon status

Alerts when the scmd daemon fails.

7000 Series only: gpsl

8000 Series only:
psls

psls daemon status

Alerts when the psls daemon fails.

7000 Series only: gftw

8000 Series only:
ftwo

ftwo daemon status

Alerts when the ftwo daemon fails.

NFE_port18
NFE_port19
NFE_port20
NFE_port21

internal link status

Alerts when the link between the network module switch board and the accelerator card fails:

  • 7000 Series
    All families: NFE_port18 only
  • 8000 Series
    81xx Family: NFE_port18 and NFE_port19 only
    82xx Family and 83xx Family: NFE_port18 , NFE_port19 , NFE_port20 , and NFE_port21

Use the following procedure to view hardware alert error messages on the LCD display.

To view the hardware alert error messages:

Step 1 In Error Alert mode, on the HARDWARE ERROR! line, press the right arrow ( ) key to view the hardware errors that triggered the Error Alert mode.

The LCD panel lists the error alert messages starting with the NFE platform daemon failure followed by a list of error messages.

NFEplatformdX
NFEtempX

where X indicates the accelerator card (either 0 or 1 ) that generated the alert.

Step 2 On the error message line, press the down arrow (â) key to view additional errors. When there are no additional errors, the Exit row appears.

Exit

Step 3 Press the right arrow ( ) key to exit Error Alert mode.

If you exit Error Alert mode before you resolve the error that triggered the alert, the LCD panel returns to Error Alert mode. Contact Support for assistance.