Changing interface from access to trunk

db1
Level 1

Hi All, 

I have my inside interface configured like this:

interface GigabitEthernet1/2
 nameif inside
 security-level 100
 ip address 192.168.x.1 255.255.255.0 standby 192.168.x.3 

It connects to a switch configured also with an access interface.

However, there is an SD-WAN device in between, and that device expects to see tagged VLAN traffic.

So I need to change the ports on the switch and ASA to send tagged VLAN traffic. Easy on the switch, but from what I understand on the ASA I will need to create a subinterface.

Of course I have quite a lot of config on the ASA mentioning 'inside' interface, NAT, access-lists and so on.

How do I do it in the best way? I guess I don't want to remove the current 'nameif inside' as it will remove all this config.

Maybe reboot using a new config with modified interface setup?

Thanks!

Accepted Solutions

db1
Level 1

I will reply to my own post, maybe it is helpful to someone in future. 

 

1. I copied the startup config to ftp server

2. I opened it in Notepad++, changed the interface config

3. I copied the modified startup config from ftp to startup-config on the ASA

4. Outside working hours I rebooted the ASA

5. While the ASA was rebooting I changed the config on the switch to trunk instead of access

6. When ASA rebooted it loaded the new startup-config and everything worked right away. 

 

Everything worked nice, I did not lose any configuration, all NAT / Access rules were still there. 
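
A pre-reboot check for steps 2 and 3, added here as an example (not the poster's code and not a Cisco tool): it compares the saved startup-config with the hand-edited copy, flags any change outside the interface stanzas, and confirms that exactly one VLAN-tagged interface still carries `nameif inside` so existing NAT and access-list references resolve. VLAN ID 100, the subinterface name `GigabitEthernet1/2.100` and the three rule lines are constructed assumptions.

```python
import difflib

def split_config(text):
    """Return ({interface header: [child lines]}, [all other lines, in order])."""
    interfaces, rest, current = {}, [], None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line[0] in "!:":      # blanks, '!' separators, ': Saved' comments
            continue
        if line[0] != " ":                   # a new top-level command starts here
            current = line if line.startswith("interface ") else None
            if current is not None:
                interfaces[current] = []
                continue
        if current is not None:
            interfaces[current].append(line.strip())
        else:
            rest.append(line)
    return interfaces, rest

def review_edit(original, edited, nameif="inside"):
    """Compare the saved startup-config with the hand-edited copy before upload."""
    old_if, old_rest = split_config(original)
    new_if, new_rest = split_config(edited)
    # Any +/- line outside interface stanzas means a NAT/ACL/other rule was altered.
    drift = [d for d in difflib.ndiff(old_rest, new_rest) if d[:2] in ("- ", "+ ")]
    # Rules refer to the nameif, so exactly one (tagged) interface must still carry it.
    owners = [h for h, body in new_if.items() if f"nameif {nameif}" in body]
    tagged = len(owners) == 1 and any(c.startswith("vlan ") for c in new_if[owners[0]])
    changed = sorted(h for h in {*old_if, *new_if} if old_if.get(h) != new_if.get(h))
    return {"changed_interfaces": changed, "drift": drift,
            "nameif_owners": owners, "ok": not drift and tagged}

# Constructed sample: the interface from the post plus made-up rules. VLAN 100 is assumed.
ORIGINAL = """\
interface GigabitEthernet1/2
 nameif inside
 security-level 100
 ip address 192.168.x.1 255.255.255.0 standby 192.168.x.3
!
access-list inside_in extended permit ip any any
access-group inside_in in interface inside
nat (inside,outside) source dynamic any interface
"""
OLD = ORIGINAL.split("!\n")[0]               # the original interface stanza
EDITED = ("interface GigabitEthernet1/2\n no nameif\n no security-level\n no ip address\n"
          + OLD.replace("1/2\n", "1/2.100\n vlan 100\n") + ORIGINAL[len(OLD):])
if __name__ == "__main__":
    print(review_edit(ORIGINAL, EDITED))
```

An empty `drift` list with `ok` set to True means the edit touched only interface stanzas; anything else is worth resolving before the copy goes back to the ASA.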

 


I don't think you can swap it and keep all other rules without impact. I suggest creating the subinterface without an IP, checking what in the run config is related to the inside interface, configuring it for the new interface, and then finally migrating the IP address.