cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1230
Views
0
Helpful
5
Replies

Moving Cisco ASA interfaces from gigabit to tengigabit

teatrodelsogno
Level 1
Level 1

Hi All,

I need to confirm, if the only way to move from interfaces gi0/x to ten0/x is:

1) Remove the configurations on gigabit interfaces and reconfigure (copy/past) it on the new "location".

(the new configuration will be EXACTLY the same... beside obliviously the physical interface)

2) BTW for to do this, I will automatically erase the NAT, ssh, services policy and other configuration!

3) Paste once again all the previously configuration.

---> It could work, but I would like to introduce something more "easy" without fall down in some errors to paste the configuration. (configuration is up to 60000 lines...

 

Maybe I can to this using the ASDM beside the CLI? (I hate ASDM :-P )

Any other experiences, suggestion?

 

Many regards in advance.

 

 

1 Accepted Solution

Accepted Solutions

Marvin Rhoads
Hall of Fame
Hall of Fame

You have it right - the process is a bit cumbersome due to how the ASA uses nameif to assign logical names to physical interfaces. Once you "no nameif" the old interface, all the related lines in the configuration that reference it go away.

Ideally, you can do this offline working from a complete backup (including any PSKs and SNMP community strings etc. that are normally encrypted) and just reload the configuration as a new startup-config into the box from bootup, having copied it all offline and changed the physical interface association only.

View solution in original post

5 Replies 5

Marvin Rhoads
Hall of Fame
Hall of Fame

You have it right - the process is a bit cumbersome due to how the ASA uses nameif to assign logical names to physical interfaces. Once you "no nameif" the old interface, all the related lines in the configuration that reference it go away.

Ideally, you can do this offline working from a complete backup (including any PSKs and SNMP community strings etc. that are normally encrypted) and just reload the configuration as a new startup-config into the box from bootup, having copied it all offline and changed the physical interface association only.

Oh, ok, I will consider that. BTW just for summarize, how many "parameters" shoud I consider that will be moved?

nat

snmp

service-policy

access-group

route

ssh

telnet

....just for thinking...

Or anyway, with one "sh run | i nameinterface" I can find ALL parameters that will be erased?

 

Many regards

I'd go with your idea of "show run | i <nameif value>". That should show you all the instances.

You're not really allowing telnet to your security appliance are you? ;)

no telnet :-)

 

BTW for everybody...

this method is working well. "Mechanical" method... but is great and sure!

 

Thanks all..

 

PS

In the other side anyway, I have one really strange and interesting problem on the failover mechanism after this migration.

Let's follow in the next comment the link

bye

https://supportforums.cisco.com/users/teatrodelsogno?qt-profile_content=3#qt-profile_content

Review Cisco Networking for a $25 gift card