https://community.cisco.com/t5/network-security/multicontext-vlan-subinterface-deletion/m-p/4486290#M1084365 <P>Hi Experts,</P><P>&nbsp;</P><P>We're running Multi-context Active/standby firewalls on the version 9.8.4.35. We have been asked to delete the VLAN sub-interfaces, it's access-lists and access-groups.</P><P>Not sure if the sub-interface should be removed first from the specific context or from the system space.</P><P>Please assist with the order to be followed or the best practice?</P><P>&nbsp;</P><P>System Context:-</P><P>show run int Port-channel10.101<BR />interface Port-channel10.101<BR />vlan 101</P><P>&nbsp;</P><P>Specific Context:-</P><P>show run int Port-channel10.101<BR />interface Port-channel10.101<BR />nameif DMZ_1<BR />security-level 50<BR />ip address X.X.X.X 255.255.255.128 standby X.X.X.X</P><P>&nbsp;</P> Thu, 14 Oct 2021 14:49:07 GMT Srinivasan Nagarajan 2021-10-14T14:49:07Z https://community.cisco.com/t5/network-security/multicontext-vlan-subinterface-deletion/m-p/4486290#M1084365 <P>Hi Experts,</P><P>&nbsp;</P><P>We're running Multi-context Active/standby firewalls on the version 9.8.4.35. We have been asked to delete the VLAN sub-interfaces, it's access-lists and access-groups.</P><P>Not sure if the sub-interface should be removed first from the specific context or from the system space.</P><P>Please assist with the order to be followed or the best practice?</P><P>&nbsp;</P><P>System Context:-</P><P>show run int Port-channel10.101<BR />interface Port-channel10.101<BR />vlan 101</P><P>&nbsp;</P><P>Specific Context:-</P><P>show run int Port-channel10.101<BR />interface Port-channel10.101<BR />nameif DMZ_1<BR />security-level 50<BR />ip address X.X.X.X 255.255.255.128 standby X.X.X.X</P><P>&nbsp;</P> Thu, 14 Oct 2021 14:49:07 GMT https://community.cisco.com/t5/network-security/multicontext-vlan-subinterface-deletion/m-p/4486290#M1084365 Srinivasan Nagarajan 2021-10-14T14:49:07Z https://community.cisco.com/t5/network-security/multicontext-vlan-subinterface-deletion/m-p/4486294#M1084366 <P>Clear up the access list and access group any assiciated and shutdown the sub-interface and&nbsp; remove sub-interface is best approach (in maintenance window always).</P> Thu, 14 Oct 2021 14:53:28 GMT https://community.cisco.com/t5/network-security/multicontext-vlan-subinterface-deletion/m-p/4486294#M1084366 balaji.bandi 2021-10-14T14:53:28Z https://community.cisco.com/t5/network-security/multicontext-vlan-subinterface-deletion/m-p/4486306#M1084367 <P>Hi Balaji, Thanks for the reply. Can you please assist on the below?</P><P><SPAN>Not sure if the sub-interface should be removed first from the specific context or from the system space.</SPAN></P><P>&nbsp;</P><P>System Context:-</P><P>show run int Port-channel10.101<BR />interface Port-channel10.101<BR />vlan 101</P><P>&nbsp;</P><P>Specific Context:-</P><P>show run int Port-channel10.101<BR />interface Port-channel10.101<BR />nameif DMZ_1<BR />security-level 50<BR />ip address X.X.X.X 255.255.255.128 standby X.X.X.X</P> Thu, 14 Oct 2021 15:05:33 GMT https://community.cisco.com/t5/network-security/multicontext-vlan-subinterface-deletion/m-p/4486306#M1084367 Srinivasan Nagarajan 2021-10-14T15:05:33Z https://community.cisco.com/t5/network-security/multicontext-vlan-subinterface-deletion/m-p/4486310#M1084368 <P>Get in to context :</P> <P>&nbsp;</P> <P>1- clean up associated ACL and policies</P> <P>2. from context remove related config for the sub-interface.and shutdown</P> <P>3. system context where you remove the sub-interface ( no interface Port-channel10.101)</P> <P>&nbsp;</P> <P>changes to be done always active one.</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> Thu, 14 Oct 2021 15:15:32 GMT https://community.cisco.com/t5/network-security/multicontext-vlan-subinterface-deletion/m-p/4486310#M1084368 balaji.bandi 2021-10-14T15:15:32Z