ASA 9.1 Context mode, remove subinterface

wilson_1234_2 · ‎06-01-2016

Cisco Adaptive Security Appliance Software Version 9.1(7)4 <context>
Device Manager Version 7.1(1)52

I have an ASA5585 with multiple contexts. Each context has it's own interface. One parent interface holds multiple DMZs with their own VLAN and subinterface.

I am wanting to delete one of the subinterfaces due to it being decommissioned, without disrupting any other active subinterface or customer.. In ASDM, the "delete" function is greyed out fo all subinterfaces.

I didn't just want to remove the subinterface via command line because I figured the delete function was greyed out for a reason.

Can the subinterface be safely removed? And why is "delete" greyed out in ASDM?

johnlloyd_13 · ‎06-01-2016

hi,

are you in 'System' context when deleting the said subinterface?

wilson_1234_2 · ‎06-02-2016

No,

I was in the context that the subinterface was in.

I did notice when looking at trying to add a subinterface in that context, that the physical interface drop down list was not present.

Does this mean to add a subinterface in context mode you have to be in the system context as well?

johnlloyd_13 · ‎06-02-2016

yes, the add/delete of subinterface is done on the system context.

just click on system > interfaces > delete > apply. see attached photo.

wilson_1234_2 · ‎06-02-2016

Ok, in ASDM, I am attached to each context separately, how did you attach as you have done here so you see system and the different contexts?

johnlloyd_13 · ‎06-02-2016

there should be a separate 'system' context, which kinda 'root' of all security contexts.

it's all the way up the contexts, just double click on it.

if you still don't see it, i suggest doing it via CLI:

changeto system

context CONTEXT-A

allocate-interface <INTERFACE> <<< TO ADD

no allocate-interface <INTERFACE> <<< TO DELETE

wilson_1234_2 · ‎06-02-2016

There is a separate system context and I can get to it via command line by changto, but I am connecting to the individual contexts in ASDM by going to their individual IP Addresses.

You have made a connection to the root device in ASDM, that is what I don't see how you did it.

johnlloyd_13 · ‎06-02-2016

like i said, you can't edit interfaces (add or delete) on the security context itself. it needs to be done on the 'system' context.

if you're able to do a changeto system, then you can edit subinterfaces from there. see the sample from my previous post.

see helpful link for ASA context CLI:

http://www.cisco.com/c/en/us/td/docs/security/asa/asa90/configuration/guide/asa_90_cli_config/ha_contexts.html#30347

wilson_1234_2 · ‎06-02-2016

Yes, I got that. I was wondering how you got ASDM to show System and all the different contexts in the device list.

I am connecting to the different contexts by pointing ASDM to each individual context by their logical ip addresses.

You have connected to https://localhost:5500, which shows system and the contexts under it.

johnlloyd_13 · ‎06-02-2016

oh that, i'm just using ASDM in demo mode :)

i'm not a big fan of it and do mostly everything in ASA via CLI.

wilson_1234_2 · ‎06-02-2016

Ok, but how did you attach to the ASA with ASDM to show system and the context list?

Did you connect to an IP Address?

If so, which one?

johnlloyd_13 · ‎06-02-2016

you use the management IP address configured under the 'admin' context.

wilson_1234_2 · ‎06-02-2016

Thanks man, I appreciate the prompt responses.

wilson_1234_2 · ‎06-02-2016

Got one more question for you:

Earlier you said "just click on system > interfaces > delete > apply"

When you select the individual interface and right click, is "delete" greyed out?

It looks like I might be able to delete by clicking on 'delete" in the right hand pane, but when I right click on the interface, "delete" is greyed out in the system context.

johnlloyd_13 · ‎06-02-2016

yes, it's 'greyed out' when i also do a right click.

you can delete by clicking on the 'delete' button on the right-hand side of ASDM.

thanks for rating my posts!