cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1253
Views
0
Helpful
2
Replies

Changing interface from access to trunk

db1
Level 1
Level 1

Hi All, 

I have my inside interface configured like this:

interface GigabitEthernet1/2
 nameif inside
 security-level 100
 ip address 192.168.x.1 255.255.255.0 standby 192.168.x.3 

It connects to a switch configured also with an access interface. 

 

However, there is a SD-WAN device inbetween, and that device expects to see tagged VLAN traffic. 

 

So I need to change the ports on the switch and ASA to send tagged VLAN traffic. Easy on the switch, but from what I understand on the ASA I will need to create a subinterface. 

 

Of course I have quite a lot of config on the ASA mentioning 'inside' interface, NAT, access-lists and so on. 

How do I do it in a best way? I guess I don't want to remove the current 'nameif inside' as it will remove all this config. 

 

Maybe reboot using a new config with modified interface setup?

 

Thanks!

1 Accepted Solution

Accepted Solutions

db1
Level 1
Level 1

I will reply to my own post, maybe it is helpful to someone in future. 

 

1. I copied the startup config to ftp server

2. I opened it in Notepad++, changed the interface config

3. I copied the modified startup config from ftp to startup-config on the ASA

4. Outside working hours I rebooted the ASA

5. While the ASA was rebooting I changed the config on the switch to trunk instead of access

6. When ASA rebooted it loaded the new startup-config and everything worked right away. 

 

Everything worked nice, I did not lose any configuration, all NAT / Access rules were still there. 

 

View solution in original post