Welcome to Cisco Firewalls Community


db1 Beginner

Changing interface from access to trunk

Hi All, 

I have my inside interface configured like this:

interface GigabitEthernet1/2
 nameif inside
 security-level 100
 ip address 192.168.x.1 255.255.255.0 standby 192.168.x.3 

It connects to a switch configured also with an access interface. 

 

However, there is an SD-WAN device in between, and that device expects to see tagged VLAN traffic. 

 

So I need to change the ports on the switch and ASA to send tagged VLAN traffic. Easy on the switch, but from what I understand on the ASA I will need to create a subinterface. 

 

Of course I have quite a lot of config on the ASA mentioning 'inside' interface, NAT, access-lists and so on. 

How do I do it in the best way? I guess I don't want to remove the current 'nameif inside' as it will remove all this config. 

 

Maybe reboot using a new config with modified interface setup?

 

Thanks!


Accepted Solutions
db1 Beginner

Re: Changing interface from access to trunk

I will reply to my own post, maybe it is helpful to someone in the future. 

 

1. I copied the startup config to ftp server

2. I opened it in Notepad++, changed the interface config

3. I copied the modified startup config from ftp to startup-config on the ASA

4. Outside working hours I rebooted the ASA

5. While the ASA was rebooting I changed the config on the switch to trunk instead of access

6. When the ASA rebooted it loaded the new startup-config and everything worked right away. 

 

Everything worked nicely, I did not lose any configuration, all NAT / Access rules were still there. 
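
Step 2 of the procedure above (editing the saved startup-config offline), as an added example that is not part of the original post or any Cisco tooling: it moves the layer-3 lines from the physical port to a tagged subinterface and checks that every line referencing the nameif is unchanged. VLAN ID 100, the function names, and the access-group and nat lines in the sample are assumptions made for illustration.

```python
import re

# Constructed sample: the interface stanza from the post, plus two constructed
# lines that reference the nameif (VLAN 100 used below is also an assumption).
SAMPLE = """\
interface GigabitEthernet1/2
 nameif inside
 security-level 100
 ip address 192.168.x.1 255.255.255.0 standby 192.168.x.3
!
access-group inside_in in interface inside
nat (inside,outside) source dynamic any interface
"""

L3_LINES = ("nameif ", "security-level ", "ip address ")

def to_subinterface(config: str, port: str, vlan: int) -> str:
    """Move nameif/security-level/ip address from `port` to `port.vlan`."""
    lines, out, i, found = config.splitlines(), [], 0, False
    while i < len(lines):
        header = lines[i]
        i += 1
        out.append(header)
        if header.rstrip() != f"interface {port}":
            continue
        found = True
        body = []
        while i < len(lines) and lines[i].startswith(" "):
            body.append(lines[i])
            i += 1
        moved = [l for l in body if l.strip().startswith(L3_LINES)]
        if not any(l.strip().startswith("nameif ") for l in moved):
            raise ValueError(f"{port} has no nameif to move")
        out += [l for l in body if l not in moved]
        # Parent becomes a bare trunk port; the tagged subinterface takes the name.
        out += [" no nameif", " no security-level", " no ip address", "!",
                f"interface {port}.{vlan}", f" vlan {vlan}", *moved]
    if not found:
        raise ValueError(f"interface {port} not found")
    return "\n".join(out) + "\n"

def references(config: str, nameif: str) -> list[str]:
    """Lines that use the nameif (NAT, access-group, ...), not its definition."""
    word = re.compile(rf"(?<![\w-]){re.escape(nameif)}(?![\w-])")
    return [l for l in config.splitlines()
            if word.search(l) and l.strip() != f"nameif {nameif}"]

if __name__ == "__main__":
    edited = to_subinterface(SAMPLE, "GigabitEthernet1/2", 100)
    assert references(edited, "inside") == references(SAMPLE, "inside")
    print(edited)
```

Comparing `references()` before and after the edit confirms that only the interface stanzas changed before the file is copied back to startup-config.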

 

VIP Advisor

Re: Changing interface from access to trunk

I don't think you can swap it and keep all other rules without impact. I suggest creating the subinterface without an IP, checking what in the run config is related to the inside interface and configuring it for the new interface, then finally migrating the IP address.