Noah_T
Iron

Removing a VLAN from Interface

One of the physical interfaces on an SG 15000 Series firewall cluster is trunked with 1 VLAN, and I need to remove that VLAN and turn off the interface. What is the correct procedure to do that?

Cluster with active/standby setup. Gateways are on GAIA R77.30, managed by R80 CMA.

8 Replies

Re: Removing a VLAN from Interface

Delete the VLAN interface from the GAiA web portal or clish.

Turn off the physical interface.

All changes must be made on each gateway member.

Then update the topology table in SmartConsole.

0 Kudos
Noah_T
Iron

Re: Removing a VLAN from Interface

Gomboragchaa Jamganjav

Should it be removed first on the standby gateway?

After updating the topology table, should a policy push be required?

0 Kudos

Re: Removing a VLAN from Interface

If you update the topology after removing it from the gateways, this will break cluster status for sure!

Noah_T
Iron

Re: Removing a VLAN from Interface

Thanks Norbert.

I would like to follow the steps you outlined. Below is my plan:

1) Remove the interface from the topology table in SmartConsole and push the policy.

( Current output of cphaprob -a if is below & cphaprob stat - Active/Standby )

Required interfaces: 4
Required secured interfaces: 1)

After step 1, would the output be as below?

( Current output of cphaprob -a if is below & cphaprob stat - Active/Standby )

Required interfaces: 3
Required secured interfaces: 1)

2) delete IF from standby (clish)

3) delete IF from active (clish)

4) admin down the physical interface on both nodes

0 Kudos

Re: Removing a VLAN from Interface

Delete the VLAN, then admin down the interface on both members.

I would prefer to start with the standby node, especially if the interface/VLAN is set as cluster monitored.

After the changes at the firewall node level, update the topology on the cluster object in the CMA and push policy.

0 Kudos

Re: Removing a VLAN from Interface

Hi,

As it is in a cluster, I would suggest following the instructions in sk57100.

 

0 Kudos

Re: Removing a VLAN from Interface

sk57100 is a good choice.

But I must admit that I never followed it completely. So I never stopped a member for this type of maintenance.

I normally use the following to remove an interface:

- remove it from topology in cluster object through SmartConsole

- check cphaprob -a if for the change on both members

- delete IF from standby (clish)

- delete IF from active (clish)

0 Kudos
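An added example, not part of any post in this thread: a small shell check for the "check cphaprob -a if for the change on both members" step, comparing the "Required interfaces" count captured from each member against the count expected after the topology change. The sample captures are constructed from the two summary lines quoted in the thread, and the expected value 3 is an assumption taken from the plan posted above (4 before, 3 after).

```shell
#!/bin/sh
# Added example: verify the "Required interfaces" count reported by
# `cphaprob -a if` on both cluster members after the topology change.

# Constructed sample captures (only the summary lines quoted in the thread;
# any other lines in real output are ignored by the parser).
STANDBY_AFTER='Required interfaces: 3
Required secured interfaces: 1'
ACTIVE_AFTER='Required interfaces: 4
Required secured interfaces: 1'

# Print N from the "Required interfaces: N" line; prints nothing if absent.
# The anchored pattern does not match "Required secured interfaces".
required_ifs() {
    printf '%s\n' "$1" |
        sed -n 's/^[[:space:]]*Required interfaces:[[:space:]]*\([0-9][0-9]*\).*/\1/p' |
        head -n 1
}

# check_member LABEL OUTPUT EXPECTED -> 0 match, 1 mismatch, 2 unparsable
check_member() {
    got=$(required_ifs "$2")
    if [ -z "$got" ]; then
        echo "$1: no 'Required interfaces' line found"; return 2
    fi
    if [ "$got" -ne "$3" ]; then
        echo "$1: required interfaces = $got, expected $3"; return 1
    fi
    echo "$1: required interfaces = $got (as expected)"; return 0
}

# check_cluster EXPECTED STANDBY_OUTPUT ACTIVE_OUTPUT -> 0 only if both match
check_cluster() {
    rc=0
    check_member standby "$2" "$1" || rc=1
    check_member active "$3" "$1" || rc=1
    return $rc
}

# Expected count 3 is an assumption taken from the plan in the thread (4 -> 3).
check_cluster 3 "$STANDBY_AFTER" "$ACTIVE_AFTER" ||
    echo "members do not both report the expected count"
```

In the constructed data the active member still reports 4, so the check flags it while the standby passes.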

Re: Removing a VLAN from Interface

These seem to be good steps.

0 Kudos