Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
450
Views
0
Helpful
3
Replies

ASA - reconfiguring interfaces help

jigsaw2026
Level 1
Level 1

‎12-08-2008 07:55 AM - edited ‎03-11-2019 07:22 AM

Hi,

I have a trunk port on one interface, with 2 sub-interfaces. I am actually decomissioning one of the vlans, so I would like to remove the sub-interfaces and make it a regular interface with the remaining vlan.

Setup as follows:

interface GigabitEthernet0/1

speed 1000

duplex full

no nameif

no security-level

no ip address

!

interface GigabitEthernet0/1.3

vlan 30

nameif inside

security-level 100

ip address 10.20.0.1 255.255.0.0 standby 10.20.0.2

!

interface GigabitEthernet0/1.10

vlan 10

nameif storage

security-level 85

ip address 10.24.0.1 255.255.0.0 standby 10.24.0.2

!

I would like to get to:

interface GigabitEthernet0/1

speed 1000

duplex full

nameif storage

security-level 85

ip address 10.24.0.1 255.255.0.0 standby 10.24.0.2

I have an active/standby failover. I would like to readdress this with minimal downtime, but I'm unsure how to do this without confusing the failover. I was thinking that I could do the following:

1) On the standby unit, remove both sub-interfaces and readdress interface as above

2) Failover primary to standby

3) On primary, remove both sub-interfaces and readdress interface as above.

4) Fail back to primary

With this plan I am worried that

-standby unit will complain that it's not synched

-failver from primary will not occur because standby interfaces will no longer exist

Or is it necessary for me to admin shut down the primary interface (will this cause failover???), readress and then bring back up again, no failover required...

Can anyone think of a good way of going about this?

Many thanks,

J

Labels:
0 Helpful
3 Replies 3

Collin Clark
VIP Alumni
VIP Alumni

‎12-08-2008 09:23 AM

I don't think the firewall will failover when you make interface config changes. If you're really concerned, you could reboot/shut down the failover device and while it's down/rebooting, you could make your configuration changes. Once the standby device is online it will sync the config with the primary.

Hope that helps.

0 Helpful

jigsaw2026
Level 1
Level 1
In response to Collin Clark

‎12-09-2008 01:51 AM

Thank you for your response. The problem is that I do not really want any downtime while I'm doing it (for the remaining vlan) - which is why I thought to failover - but I guess that's not possible?

0 Helpful

Collin Clark
VIP Alumni
VIP Alumni
In response to jigsaw2026

‎12-09-2008 05:58 AM

IMO by using failover to keep uptime during the reconfig, you greatly increase your risk in things getting FUBAR'd.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card