04-14-2015 05:10 AM - edited 03-11-2019 10:46 PM
Hi All,
I need to confirm, if the only way to move from interfaces gi0/x to ten0/x is:
1) Remove the configurations on gigabit interfaces and reconfigure (copy/past) it on the new "location".
(the new configuration will be EXACTLY the same... beside obliviously the physical interface)
2) BTW for to do this, I will automatically erase the NAT, ssh, services policy and other configuration!
3) Paste once again all the previously configuration.
---> It could work, but I would like to introduce something more "easy" without fall down in some errors to paste the configuration. (configuration is up to 60000 lines...
Maybe I can to this using the ASDM beside the CLI? (I hate ASDM :-P )
Any other experiences, suggestion?
Many regards in advance.
Solved! Go to Solution.
04-14-2015 05:57 AM
You have it right - the process is a bit cumbersome due to how the ASA uses nameif to assign logical names to physical interfaces. Once you "no nameif" the old interface, all the related lines in the configuration that reference it go away.
Ideally, you can do this offline working from a complete backup (including any PSKs and SNMP community strings etc. that are normally encrypted) and just reload the configuration as a new startup-config into the box from bootup, having copied it all offline and changed the physical interface association only.
04-14-2015 05:57 AM
You have it right - the process is a bit cumbersome due to how the ASA uses nameif to assign logical names to physical interfaces. Once you "no nameif" the old interface, all the related lines in the configuration that reference it go away.
Ideally, you can do this offline working from a complete backup (including any PSKs and SNMP community strings etc. that are normally encrypted) and just reload the configuration as a new startup-config into the box from bootup, having copied it all offline and changed the physical interface association only.
04-14-2015 06:01 AM
Oh, ok, I will consider that. BTW just for summarize, how many "parameters" shoud I consider that will be moved?
nat
snmp
service-policy
access-group
route
ssh
telnet
....just for thinking...
Or anyway, with one "sh run | i nameinterface" I can find ALL parameters that will be erased?
Many regards
04-14-2015 06:07 AM
I'd go with your idea of "show run | i <nameif value>". That should show you all the instances.
You're not really allowing telnet to your security appliance are you? ;)
04-21-2015 06:57 AM
no telnet :-)
BTW for everybody...
this method is working well. "Mechanical" method... but is great and sure!
Thanks all..
PS
In the other side anyway, I have one really strange and interesting problem on the failover mechanism after this migration.
Let's follow in the next comment the link
bye
04-22-2015 02:33 AM
https://supportforums.cisco.com/users/teatrodelsogno?qt-profile_content=3#qt-profile_content
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide