Change V-lan ID of Outside Interface

Unanswered Question
Dec 25th, 2008

Hi, We have installed ASA 5505 in production and the Outside Interface V-lan ID is 2 with IP address 1.1.1.1/24.

Now I want to change the V-lan ID and assign 100. So is there any command to change the V-lan ID or do i need to create a new one. If i create a newone then what steps need to be taken? Pl advice.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Marwan ALshawi Fri, 12/26/2008 - 15:55

u need to creat new one

give it ip address in in diffrent subnet than vlan 2 interface

or delete vlan 2 interface and give it the ip address of vlan 2

steps creat the interface name it with nameif give it the security level give it ip

then if u have routing through that interface configure that rotuing

if u have nating implimite the nating

good luck

hope this helps

ray_stone Fri, 12/26/2008 - 19:29

Hi, Thanks for your answer.

Here, I need to change the V-lan ID remotely as its not possible to do this change manually on Hardware, If I use the above commands then is it possible that I lost the connectivity while changing V-lan ID. Pl confirm. Thanks

Patrick Laidlaw Fri, 12/26/2008 - 23:48

If you are doing this remotely are you coming in through the outside interface or are you doing this from a dial in internal connection. If outside I recommend you write out the commands in a text file and then ftp or tftp it to the box.

You would then continue on to do something similar to these commands.

!-----Begin TEXT configuration---

interface Ethernet0/0.2

no vlan 2

no nameif

no ip address

no interface ethernet 0/0.2

interface Ethernet 0/0.x !***replace x with new vlan id

vlan x !***replace x with new vlan id

nameif outside

ip address x.x.x.x x.x.x.x !***replace with appropriate IP address

no shut

!-----END TEXT configuraiton----

I took some assumptions that your existing configuration is using a subinterface. The other option to do it quick and dirty. This would entail telnetting to the device and just typing in vlan x under the outside interface as long as there is an existing sub interface. I haven't actually tried to do this quick and dirty it should work though. If its on the physical interface I'm not sure the command off the top of my head to change the vlan.

Hope this Helps

Patrick

ray_stone Sat, 12/27/2008 - 00:23

Thanks for your response. First I would try to do this here then move to Production as I can't take any risk without knowing the output. Another question for you: By default V-lan is assigned to Outside Interface, if I change the V-lan ID of outside ID then is it right step to do as scruity concerned and for enhacements or same functionality will remain whether the V-lan ID be set by defauly or manually assigned. Thanks.

Patrick Laidlaw Mon, 12/29/2008 - 10:50

If your worried about the security concerns by haveing it a vlan vs the physical interface I really don't think there is much of one unless you have multiple interfaces setup on the outside physical interface. If its only that that one vlan is on that interface there is not a concern.

Patrick

FYI. It's much easier to help people when the snippit of your config is refereced even when its been sanitised.

Actions

This Discussion