Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1248
Views
5
Helpful
2
Replies

Cisco ASA5585x Change Netmask live on an interface

Go to solution
StaffanCelind6257
Level 1
Level 1

‎05-28-2019 02:19 AM - edited ‎07-05-2021 10:28 AM

Cisco Adaptive Security Appliance Software Version 9.6(4)8

 

We're going to change the netmask on two interfaces on a ASA5585x Firewall.

These interfaces are critical for a system the runs behind these interfaces,

and these system cannot have any downtime or LoS.

 

So my question is, how much of an impact does the change of the netmask

have on these systems, will there be any downtime because of this?

 

The config i want to do is:

#interface Port-channel23.808
#ip address 172.31.28.1 255.255.252.0 standby 172.31.28.2

and

#interface Port-channel23.810
#ip address 172.31.24.1 255.255.252.0 standby 172.31.24.2

 

Will there be any loss of packets and/or sessions?

 

the ASA is in a HA-cluster.

Current config is:

 

interface Port-channel23.808
 vlan 808
 nameif eR-Tst
 security-level 30
 ip address 172.31.28.1 255.255.255.0 standby 172.31.28.2
 ipv6 address 2001:67c:274:1309::1/64 standby 2001:67c:274:1309::2
 ipv6 enable
 ipv6 nd prefix 2001:67c:274:1309::/64 no-autoconfig

interface Port-channel23.810
 vlan 810
 nameif eR-Srv
 security-level 40
 ip address 172.31.24.1 255.255.255.0 standby 172.31.24.2
 policy-route route-map rm-er-srv
 ipv6 address 2001:67c:274:1313::1/64 standby 2001:67c:274:1313::2
 ipv6 enable
 ipv6 nd prefix 2001:67c:274:1313::/64 no-autoconfig

 

Thanks in advance if these is anyone who knows if there is a way to change

subnetmask without disrupting the network on an ASA5585 in a HA-cluster.

 

With Regards

Staffan Celind

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Rich R
VIP
VIP

‎05-28-2019 05:29 AM

Hi Staffan. Your request has nothing to do with Wireless Mobility so not sure why you posted it here, should be in a more appropriate group.
Nevertheless I'd expect the change to be seamless but there is no substitute for testing in a lab environment first so I suggest you do that given the criticality of your systems.
RR
------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's   and   TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's,   Best Practices for 9800 WLC's   and   Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
Default AP console baud rate from 17.12.x is 115200 - introduced by CSCwe88390

View solution in original post

2 Replies 2

Go to solution
Rich R
VIP
VIP

‎05-28-2019 05:29 AM

Hi Staffan. Your request has nothing to do with Wireless Mobility so not sure why you posted it here, should be in a more appropriate group.
Nevertheless I'd expect the change to be seamless but there is no substitute for testing in a lab environment first so I suggest you do that given the criticality of your systems.
RR
------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's   and   TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's,   Best Practices for 9800 WLC's   and   Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
Default AP console baud rate from 17.12.x is 115200 - introduced by CSCwe88390

Go to solution
StaffanCelind6257
Level 1
Level 1
In response to Rich R

‎05-28-2019 06:17 AM

Oh my, didn't notice.

I'll just solve this one and post it in the network section.
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card