03-23-2024 02:43 AM
hi,
i need to migrate G0/0 "outside" and G0/1.xx "inside" sub-interfaces to a new port-channel1 interface.
can't seem to pre-configure the same sub-interface VLAN and ip address under the same context.
can someone advise what is the best approach and with a "minimal" downtime?
do i configure a new context instead and allocate the Po1.900 "outside" and Po1.xx "inside" sub-interfaces?
then delete the old context once the outside and inside interface are migrated and new context configured?
<SYSTEM>
GigabitEthernet0/1.960 unassigned YES unset up up
GigabitEthernet0/1.998 unassigned YES unset up up
GigabitEthernet0/2 unassigned YES unset up up
ciscoasa(config)# interface Port-channel1.998
ciscoasa(config-subif)# vlan 998
ERROR: VLAN 998 exists in the global vlans table
ciscoasa(config)# changeto context TEST-CONTEXT
ciscoasa/TEST-CONTEXT(config)# sh int ip b
Interface IP-Address OK? Method Status Protocol
GigabitEthernet0/1.998 10.1.6.4 YES manual up up
Port-channel1.998 unassigned YES unset up up
ciscoasa/TEST-CONTEXT(config)# interface Port-channel1.998
ciscoasa/TEST-CONTEXT(config-if)# nameif TEST
ERROR: VLAN must be configured for interface Port-channel1.998
ciscoasa/TEST-CONTEXT(config-if)#
ciscoasa/TEST-CONTEXT(config-if)# sh run interface Port-channel1.998
!
interface Port-channel1.998
no nameif <<< CAN'T PRE-CONFIGURE NAMEIF
no security-level
no ip address
ciscoasa/TEST-CONTEXT(config-if)# ip address 10.1.6.4 255.255.255.0
ERROR: Failed to apply IP address to interface Port-channel1.998, as the network overlaps with interface GigabitEthernet0/1.998. Two interfaces cannot be in the same subnet. <<< CAN'T PRE-CONFIGURE L3 IP
-----
changeto system
interface Port-channel1.900
description OUTSIDE
vlan 900
interface Port-channel1.998
description INSIDE
vlan 998
context NEW-CONTEXT
allocate-interface Port-channel1.900
allocate-interface Port-channel1.998
!! CONFIGURE NEW-CONTEXT
!! REMOVE OLD-CONTEXT AND G0/1.xx INSIDE SUBIF
no context OLD-CONTEXT
no interface GigabitEthernet0/1.998
!! G0/0 OUTSIDE IS STILL USED BY OTHER CONTEXT
03-23-2024 02:57 AM
Personally, the VLAN connected to the switch is what is important. Why not use a different VLAN in the same context?
Make sure the switch port it connects to allows the new VLAN you are looking to create.
03-23-2024 05:20 AM
hi balaji,
i don't think it's practical to change ALL "inside" sub-interfaces to a new VLAN.
03-23-2024 07:06 AM
OK, let me recap here: are you looking at a total move from interface to port-channel?
Creating a new context is possible, but more work, right? (It also requires downtime moving from context to context?)
Rather than over-engineering, I suggest taking the downtime; a big-bang move is the best option I can think of.
03-23-2024 08:12 PM
yes, move ALL "inside" sub-interfaces into the new port-channel interface like i said.
was thinking of some other way other than configuring a new context and allocate the new sub-interfaces in the port-channel.
as you saw in the error in my original post, you can assign the same VLAN on the current G0/1.xx and Po1.xx, but can't configure the same nameif and ip address. so i don't think configuring a new context is the alternative.
03-24-2024 02:38 AM
but can't configure the same nameif and ip address.
You cannot have the same IP address.
03-23-2024 03:01 AM
Any new interface that has the same nameif as another interface will not work.
I am running a lab of NSK now; if you can wait for me until tonight, I can send you some steps to shift from g0/0.x to port-channel .x
MHM