pixos 6.3 nameif change

Ivast · ‎07-11-2006

hi, I have pix fw in live net, and I need switchover from physical fastethernet interfaces to vlans on gb-ethernet without change remaining configuration ( read: change nameif commands only). What is best way to do it ? ( I thing about default nameif interfaces and dependencies in configuration, which is 'automatically changed' when nameif command changes).

aghaznavi · ‎07-19-2006

nameif {hardware_id | vlan_id} if_name security_level is the format for nameif command,where The hardware name for the network interface that specifies the interface's slot location on the PIX Firewall motherboard.For more info refer the URL

http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_command_reference_chapter09186a00801727ab.html#wp1026054

grant.maynard · ‎07-19-2006

There's not an easy way and it's going to cause some downtime on that interface.

First backup you entire config.

Then create a text file containing config relating to this interface - do "show run | inc [interface name]" to get that.

Then get the VLANs/trunking sorted. Use a dummy VLAN for native - do not try to use native VLAN for any data!

Set the nameif etc, then paste that part of the config back in if you need to.

v6 goes:

interface ethernet2 vlan1 physical NATIVE VLAN

interface ethernet2 vlan12 logical

interface ethernet2 vlan20 logical

interface ethernet2 vlan30 logical

interface ethernet2 vlan40 logical

nameif vlan12 dmz12 security22

nameif vlan20 dmz20 security14

nameif vlan30 dmz30 security16

nameif vlan40 dmz40 security18

It's easier in v7, it uses sub-interfaces.