Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
993
Views
0
Helpful
3
Replies

MultiContext - Vlan Subinterface Deletion

Go to solution
Srinivasan Nagarajan
Level 1
Level 1

‎10-14-2021 07:49 AM

Hi Experts,

 

We're running Multi-context Active/standby firewalls on the version 9.8.4.35. We have been asked to delete the VLAN sub-interfaces, it's access-lists and access-groups.

Not sure if the sub-interface should be removed first from the specific context or from the system space.

Please assist with the order to be followed or the best practice?

 

System Context:-

show run int Port-channel10.101
interface Port-channel10.101
vlan 101

 

Specific Context:-

show run int Port-channel10.101
interface Port-channel10.101
nameif DMZ_1
security-level 50
ip address X.X.X.X 255.255.255.128 standby X.X.X.X

 

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame
In response to Srinivasan Nagarajan

‎10-14-2021 08:15 AM - edited ‎10-14-2021 08:15 AM

Get in to context :

 

1- clean up associated ACL and policies

2. from context remove related config for the sub-interface.and shutdown

3. system context where you remove the sub-interface ( no interface Port-channel10.101)

 

changes to be done always active one.

 

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

View solution in original post

0 Helpful
3 Replies 3

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎10-14-2021 07:53 AM

Clear up the access list and access group any assiciated and shutdown the sub-interface and  remove sub-interface is best approach (in maintenance window always).

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
Srinivasan Nagarajan
Level 1
Level 1
In response to balaji.bandi

‎10-14-2021 08:05 AM

Hi Balaji, Thanks for the reply. Can you please assist on the below?

Not sure if the sub-interface should be removed first from the specific context or from the system space.

 

System Context:-

show run int Port-channel10.101
interface Port-channel10.101
vlan 101

 

Specific Context:-

show run int Port-channel10.101
interface Port-channel10.101
nameif DMZ_1
security-level 50
ip address X.X.X.X 255.255.255.128 standby X.X.X.X

0 Helpful

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame
In response to Srinivasan Nagarajan

‎10-14-2021 08:15 AM - edited ‎10-14-2021 08:15 AM

Get in to context :

 

1- clean up associated ACL and policies

2. from context remove related config for the sub-interface.and shutdown

3. system context where you remove the sub-interface ( no interface Port-channel10.101)

 

changes to be done always active one.

 

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card