Solved: Re: Changing interface from access to trunk

db1 · ‎02-18-2019

Hi All,

I have my inside interface configured like this:

interface GigabitEthernet1/2
 nameif inside
 security-level 100
 ip address 192.168.x.1 255.255.255.0 standby 192.168.x.3

It connects to a switch configured also with an access interface.

However, there is a SD-WAN device inbetween, and that device expects to see tagged VLAN traffic.

So I need to change the ports on the switch and ASA to send tagged VLAN traffic. Easy on the switch, but from what I understand on the ASA I will need to create a subinterface.

Of course I have quite a lot of config on the ASA mentioning 'inside' interface, NAT, access-lists and so on.

How do I do it in a best way? I guess I don't want to remove the current 'nameif inside' as it will remove all this config.

Maybe reboot using a new config with modified interface setup?

Thanks!

db1 · ‎02-18-2019

I will reply to my own post, maybe it is helpful to someone in future.

1. I copied the startup config to ftp server

2. I opened it in Notepad++, changed the interface config

3. I copied the modified startup config from ftp to startup-config on the ASA

4. Outside working hours I rebooted the ASA

5. While the ASA was rebooting I changed the config on the switch to trunk instead of access

6. When ASA rebooted it loaded the new startup-config and everything worked right away.

Everything worked nice, I did not lose any configuration, all NAT / Access rules were still there.

View solution in original post

db1 · ‎02-18-2019