Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Attention: The Community will be in read-only mode on 12/14/2017 from 12:00 am pacific to 11:30 am.

During this time you will only be able to see content. Other interactions such as posting, replying to questions, or marking content as helpful will be disabled for few hours.

We apologize for the inconvenience while we perform important updates to the Community.

New Member

What's the best way to swap the interface configuration

Hi - I have a redundant pair of 5520s and I need to swap the interface configuration on them;

We have a DMZ connected to the Management interface and the failover link runs over one of the gig interfaces. I'm trying to work out the best way to swap the interface config for these whilst minimizing downtime.

Does anyone have any suggestions?

Many thanks, Dom

Everyone's tags (4)
Super Bronze

Re: What's the best way to swap the interface configuration


Personally I haven't had to do this kind of change. When interfaces have changed it has almost always been a larger change where some downtime was to be expected.

You could maybe do it like this

- Remove the secondary unit from the network and remove the Failover configurations (I think you can leave the standby IP configurations intact, but not 100% sure)

- Change the DMZ configurations and physical connections to the new port. You will also need to issue all the "nameif" related commands again (like NAT commands and attaching ACL to an interface and so on.

- Configure the new Failover link

- Perhaps even clear the configurations on the former secondary unit and configure it with just the failover configurations and let it copy the settings from the primary/active unit when its (secondary ASA) connected to the network.

Ofcourse youve better backup the original situation/configuration and also gather all the configurations related to the DMZ interfaces "nameif" since you will loose all those when moving the interface configurations (you cant change the nameif to another interface/subinterface without losing the related configurations as the ASA wont let you name another interface with the same "nameif" if one already excists)

- Jouni

CreatePlease to create content