Cisco ASA 5505 User Manual
Page 256
 
6-14
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter 6 Starting Interface Configuration (ASA 5510 and Higher)
Starting Interface Configuration (ASA 5510 and Higher)
•
Clearing the running configuration and immediately applying a new configuration will minimize the 
downtime of your interfaces. You will not be waiting to configure the interfaces in real time.
Step 1
Connect to the ASA; if you are using failover, connect to the active ASA.
Step 2
If you are using failover, disable failover by entering the no failover command.
Step 3
Copy the running configuration by entering the more system:running-config command and copying the 
display output to a text editor.
Be sure to save an extra copy of the old configuration in case you make an error when you edit it.
Step 4
For each in-use interface that you want to add to a redundant or EtherChannel interface, cut and paste 
all commands under the interface command to the end of the interface configuration section for use in 
creating your new logical interfaces. The only exceptions are the following commands, which should 
stay with the physical interface configuration:
•
media-type
•
speed
•
duplex
•
flowcontrol
Note
You can only add physical interfaces to an EtherChannel or redundant interface; you cannot have 
VLANs configured for the physical interfaces.
Be sure to match the above values for all interfaces in a given EtherChannel or redundant 
interface. Note that the duplex setting for an EtherChannel interface must be Full or Auto.
For example, you have the following interface configuration. The bolded commands are the ones we 
want to use with three new EtherChannel interfaces, and that you should cut and paste to the end of the 
interface section.
interface GigabitEthernet0/0
nameif outside
security-level 0
ip address 10.86.194.225 255.255.255.0
no shutdown
!
interface GigabitEthernet0/1
nameif inside
security-level 100
ip address 192.168.1.3 255.255.255.0
no shutdown
!
interface GigabitEthernet0/2
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/3
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/4
shutdown