12-25-2008 07:41 PM - edited 03-11-2019 07:29 AM
Hi, We have installed ASA 5505 in production and the Outside Interface V-lan ID is 2 with IP address 1.1.1.1/24.
Now I want to change the V-lan ID and assign 100. So is there any command to change the V-lan ID or do i need to create a new one. If i create a newone then what steps need to be taken? Pl advice.
12-26-2008 03:55 PM
u need to creat new one
give it ip address in in diffrent subnet than vlan 2 interface
or delete vlan 2 interface and give it the ip address of vlan 2
steps creat the interface name it with nameif give it the security level give it ip
then if u have routing through that interface configure that rotuing
if u have nating implimite the nating
good luck
hope this helps
12-26-2008 07:29 PM
Hi, Thanks for your answer.
Here, I need to change the V-lan ID remotely as its not possible to do this change manually on Hardware, If I use the above commands then is it possible that I lost the connectivity while changing V-lan ID. Pl confirm. Thanks
12-26-2008 11:48 PM
If you are doing this remotely are you coming in through the outside interface or are you doing this from a dial in internal connection. If outside I recommend you write out the commands in a text file and then ftp or tftp it to the box.
You would then continue on to do something similar to these commands.
!-----Begin TEXT configuration---
interface Ethernet0/0.2
no vlan 2
no nameif
no ip address
no interface ethernet 0/0.2
interface Ethernet 0/0.x !***replace x with new vlan id
vlan x !***replace x with new vlan id
nameif outside
ip address x.x.x.x x.x.x.x !***replace with appropriate IP address
no shut
!-----END TEXT configuraiton----
I took some assumptions that your existing configuration is using a subinterface. The other option to do it quick and dirty. This would entail telnetting to the device and just typing in vlan x under the outside interface as long as there is an existing sub interface. I haven't actually tried to do this quick and dirty it should work though. If its on the physical interface I'm not sure the command off the top of my head to change the vlan.
Hope this Helps
Patrick
12-27-2008 12:23 AM
Thanks for your response. First I would try to do this here then move to Production as I can't take any risk without knowing the output. Another question for you: By default V-lan is assigned to Outside Interface, if I change the V-lan ID of outside ID then is it right step to do as scruity concerned and for enhacements or same functionality will remain whether the V-lan ID be set by defauly or manually assigned. Thanks.
12-29-2008 10:50 AM
If your worried about the security concerns by haveing it a vlan vs the physical interface I really don't think there is much of one unless you have multiple interfaces setup on the outside physical interface. If its only that that one vlan is on that interface there is not a concern.
Patrick
FYI. It's much easier to help people when the snippit of your config is refereced even when its been sanitised.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide