Changing interface from access to trunk

Level 1
Level 1

Hi All, 

I have my inside interface configured like this:

interface GigabitEthernet1/2
 nameif inside
 security-level 100
 ip address 192.168.x.1 standby 192.168.x.3 

It connects to a switch configured also with an access interface. 


However, there is a SD-WAN device inbetween, and that device expects to see tagged VLAN traffic. 


So I need to change the ports on the switch and ASA to send tagged VLAN traffic. Easy on the switch, but from what I understand on the ASA I will need to create a subinterface. 


Of course I have quite a lot of config on the ASA mentioning 'inside' interface, NAT, access-lists and so on. 

How do I do it in a best way? I guess I don't want to remove the current 'nameif inside' as it will remove all this config. 


Maybe reboot using a new config with modified interface setup?



1 Accepted Solution

Accepted Solutions

Level 1
Level 1

I will reply to my own post, maybe it is helpful to someone in future. 


1. I copied the startup config to ftp server

2. I opened it in Notepad++, changed the interface config

3. I copied the modified startup config from ftp to startup-config on the ASA

4. Outside working hours I rebooted the ASA

5. While the ASA was rebooting I changed the config on the switch to trunk instead of access

6. When ASA rebooted it loaded the new startup-config and everything worked right away. 


Everything worked nice, I did not lose any configuration, all NAT / Access rules were still there. 


