09-14-2010 04:36 PM - edited 03-11-2019 11:40 AM
hey all, have a customer using the "name" feature where IP is mapped to a name. basically, the name is used everywhere including the acl. we just need to update the IP associated with the name but here is the problem (when using two approaches).
remove name
add back in name with new ip
result: acl stays intact but instead of having the name, it is now using the original IP in the acl; so acl is completely wrong
disable "names" globally
update the name with the new ip
enable "names" globally
result: acl stays intact but instead of having the name, it is now using the original IP; so acl is completely wrong
i know someone has an easy way of doing this.
thanks in advance!
-robert
09-14-2010 05:27 PM
Hey Robert,
What happens when you just add the command for with name NEW_IP without disabling "names"? Have you tried doing the above using ASDM?
Regards,
Prapanch
09-14-2010 06:20 PM
I wish! It gives an error "ERROR: 'TEST_NAME' is already mapped to 10.10.10.1"
I'm just trying to avoid creating a new name and updating all the ACLs (about 40 names and a ton of ACL lines).
Thank you!
09-14-2010 07:47 PM
The only way I can think of is this.
Schedule some downtime.
1. issue "clear config access-list"
2. change all IPs in the names.
3. sh start | i access-list
4. paste the acl back to the config
-KS
05-17-2011 09:36 PM
You can also do this from the ASDM, in the addresses tab on the right-hand sidebar in the configuration section. Find the appropriate network object, right-click on it, and select "Edit". You can then change the IP address and/or the name, and the updated name and IP address will replace all appropriate entries in the access lists and NAT entries.
05-18-2011 08:55 AM
Hi Robert
I believe that names are just used for clarity in the config, where an IP address can be read as a meaningful name, rather than an IP address. Look at it as the ASA will translate the IP to the name for your easy reading; under the hood the IP is stored. For this reason the following will happen:
If you remove the name then the ACL will still remain, with the IP address.
My advice would be.
1. Remove the name
2. Add new lines to the ACL with the new IP address, you can easily find the current lines with a "sh run | i IP_ADDRESS" command
3. Remove the lines that referenced the IP address that are not needed (no access-list....)
4. Add the new name command -
cheers
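The four steps in the reply above can be scripted offline against a saved copy of the configuration. This is an added example, not part of the original thread: the function names and the sample config are constructed, and it assumes the text was captured after the name was removed, so the ACL lines show the raw IP.

```python
import re

# Constructed sample of "sh run" output (not from the thread), captured
# after the name was removed so the ACL lines show the raw address.
SAMPLE_CONFIG = """\
access-list OUTSIDE_IN extended permit tcp any host 10.10.10.1 eq 443
access-list OUTSIDE_IN extended permit tcp any host 10.10.10.10 eq 25
access-list OUTSIDE_IN remark old web server 10.10.10.1
access-list DMZ_IN extended permit ip host 10.10.10.1 any
access-list DMZ_IN extended permit ip host 110.10.10.1 any
"""


def ip_token(ip):
    """Match the address only as a whole token.

    A plain "sh run | i 10.10.10.1" filter also returns lines for
    10.10.10.10 and 110.10.10.1; the lookarounds exclude those.
    """
    return re.compile(r"(?<![\d.])" + re.escape(ip) + r"(?![\d.])")


def build_change_script(config, name, old_ip, new_ip):
    """Return the commands for steps 1-4 of the reply, in order."""
    pat = ip_token(old_ip)
    old_lines = []
    for raw in config.splitlines():
        parts = raw.split()
        if len(parts) < 3 or parts[0] != "access-list":
            continue
        if parts[2] == "remark":        # remarks carry no match criteria
            continue
        if pat.search(raw):
            old_lines.append(raw.strip())

    cmds = [f"no name {old_ip} {name}"]                  # 1. remove the name
    cmds += [pat.sub(new_ip, l) for l in old_lines]      # 2. add the new lines
    cmds += ["no " + l for l in old_lines]               # 3. remove old lines
    cmds.append(f"name {new_ip} {name}")                 # 4. add the new name
    return cmds


if __name__ == "__main__":
    for cmd in build_change_script(SAMPLE_CONFIG, "TEST_NAME",
                                   "10.10.10.1", "10.10.10.2"):
        print(cmd)
```

Lines added without a line number are appended to the end of their ACL, so compare the resulting order against the original before applying step 3.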