Howto delete sub-interace from cli

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.
Palo Alto Networks Approved
Palo Alto Networks Approved
Community Expert Verified
Community Expert Verified

Howto delete sub-interace from cli

Not applicable

Hi,

I`m trying to delete a sub-interface from CLI but cant seem to find the correct command, i managed to remove the IP address and tag but not the entire sub-interface.

admin@PA-200# delete network interface ethernet ethernet1/4 layer3 units ethernet1/4.20

Server error : ethernet1/4.20 cannot be deleted because of references from:

import -> network -> interface

[edit]                       

Thanx

Kristian

13 REPLIES 13

L4 Transporter

The interface is assigned to vsys1

try this,

delete vsys vsys1 import network interface ethernet1/4.20

No, that`s not working. At least not on the pa-200.

Here is the output

admin@PA-200# delete vsys vsys1 import network interface ethernet1/4.20

Invalid syntax.

[edit]                                                                                                             

admin@PA-200# delete ?

  address                  address

  address-group            address-group

  application              application

  application-filter       application-filter

  application-group        application-group

  captive-portal           captive-portal

  deviceconfig             deviceconfig

  display-name             alphanumeric string [ 0-9a-zA-Z._-]

  email-scheduler          email-scheduler

  external-list            external-list

  global-protect           GlobalProtect

  group-mapping            group-mapping

  mgt-config               mgt-config

  network                  network configuration

  ocsp-responder           ocsp-responder

  pdf-summary-report       pdf-summary-report

  profile-group            profile-group

  profiles                 profiles

  region                   region

  report-group             report-group

  reports                  reports

  rulebase                 rulebase

  schedule                 schedule

  service                  service

  service-group            service-group

  setting                  setting

  shared                   shared

  threats                  threats

  ts-agent                 ts-agent

  url-admin-override       url-admin-override

  url-content-types        url-content-types

  user-id-agent            user-id-agent

  user-id-agent-sequence   user-id-agent-sequence

  user-id-collector        user-id-collector

  zone                     zone

admin@PA-200#

Follow these steps.

1 ) From the cli type

"set cli config-output-format set "

2) Now from the configuration mode type

"show network interface"

This will give you the configuration references where the sub-interface is referred.

For example I have done the same on my device and found out that my sub-interface ethernet 1/3.2 is referred in IPV6 routing settings as shown below.

ork interface ethernet ethernet1/3 layer3 units ethernet1/3.2 ipv6 neighbor-disco

very router-advertisement reachable-time unspecified

set network interface ethernet ethernet1/3 layer3 units ethernet1/3.2 ipv6 neighbor-disco

very router-advertisement retransmission-timer unspecified

set network interface ethernet ethernet1/3 layer3 units ethernet1/3.2 ipv6 neighbor-disco

very router-advertisement lifetime 1800

set network interface ethernet ethernet1/3 layer3 units ethernet1/3.2 ipv6 neighbor-disco

very router-advertisement managed-flag no

set network interface ethernet ethernet1/3 layer3 units ethernet1/3.2 ipv6 neighbor-disco

very router-advertisement other-flag no

set network interface ethernet ethernet1/3 layer3 units ethernet1/3.2 ipv6 neighbor-disco

very router-advertisement enable-consistency-check no

set network interface ethernet ethernet1/3 layer3 units ethernet1/3.2 ipv6 neighbor-disco

very router-advertisement link-mtu unspecified

set network interface ethernet ethernet1/3 layer3 units ethernet1/3.2 ipv6 neighbor-disco

very enable-dad no

set network interface ethernet ethernet1/3 layer3 units ethernet1/3.2 ipv6 neighbor-disco

very reachable-time 30

set network interface ethernet ethernet1/3 layer3 units ethernet1/3.2 ipv6 neighbor-disco

very ns-interval 1

set network interface ethernet ethernet1/3 layer3 units ethernet1/3.2 ipv6 neighbor-disco

very dad-attempts 1

set network interface ethernet ethernet1/3 layer3 units ethernet1/3.2 ipv6 enabled no

set network interface ethernet ethernet1/3 layer3 units ethernet1/3.2 ipv6 interface-id E

UI-64

set network interface ethernet ethernet1/3 layer3 units ethernet1/3.2 adjust-tcp-mss no

Now I have used  only one command to delete all these interface references which is

"delete network interface ethernet ethernet1/3 layer3 units ethernet1/3.2 ipv6"

which removed all the references from IPV6 now I have deleted the sub-interface with out any issues as I have already removed the references in the config.

Try the same, find out the references and remove the same.

Thanks,

Sandeep T

Hi Sandeep T,

The command "delete network interface ethernet ethernet1/3 layer3 units ethernet1/3.2 ipv6" will only remove the ipv6 config lines, ipv4 and tag`s ++ wil still be on the interface.

I still get this message when trying to remove the interface:

admin@PA-200# delete network interface ethernet ethernet1/4 layer3 units ethernet1/4.10

Server error : ethernet1/4.10 cannot be deleted because of references from:

import -> network -> interface

/kristian

go to configure mode.

type show zone,

Look for "set zone <zone name> network layer3 ethernet1/4.20"

try delete zone <zone name> network layer3 ethernet 1/4.20

I was able to delete the sub-interface even with the tag config. Did you remove the zones, IP config ? If not try to remove that as shown in this document.

https://live.paloaltonetworks.com/docs/DOC-2922


Thanks,

Sandeep T

Hi,

The zone configuration has already been removed:

admin@PA-200# show zone

set zone trust network layer3 ethernet1/2

set zone untrust network layer3 ethernet1/1

[edit]                                                                                                                                               

admin@PA-200#

As you can see in the picture the is no Management Profile, vr, vlan tag or security zones configured on the interface.

/kristian

Interesting, so you do not have any configuration and it still shows references !! What does the output of the show network interface show ? any references to sub-interfaces ?

Thanks,

Sandeep T

Hi,

Here is the output of the show command:

admin@PA-200# show network interface ethernet ethernet1/4

set network interface ethernet ethernet1/4 link-speed auto

set network interface ethernet ethernet1/4 link-duplex auto

set network interface ethernet ethernet1/4 link-state auto

set network interface ethernet ethernet1/4 layer3 units ethernet1/4.10

[edit]                                                                                                                                                                     

admin@PA-200# delete network interface ethernet ethernet1/4 layer3 units ethernet1/4.10

Server error : ethernet1/4.10 cannot be deleted because of references from:

import -> network -> interface

[edit]                                                                                                                                                                     

admin@PA-200#

Now when I try to commit I get the error:

admin@PA-200# commit

..

network -> interface -> ethernet -> ethernet1/4 -> layer3 -> units -> ethernet1/4.10 constraints failed : tag is required

[edit]                                                                                                                                                                     

admin@PA-200#

Now after putting the tag back on and after a commit, you can see the reference to the import -> interface here:

admin@PA-200> show config running

config {

  devices {

    localhost.localdomain {

      network {

        interface {

          ethernet {

            ethernet1/4 {

              link-speed auto;

              link-duplex auto;

              link-state auto;

              layer3 {

                units {

                  ethernet1/4.10 {

                    tag 10;

                  }

                }

              }

            }

          }

      }

      vsys {

        vsys1 {

          import {

            network {

              interface [ ethernet1/3 ethernet1/4 ethernet1/1 ethernet1/4.10];

            }

          }

/kristian

can you do a commit force once using the command "commit force" and try deleting the interface once, if it does not work I would recommend you to open a case with support for further assistance on this.

Thanks,

Sandeep T

Looks the same... This might be a PA-200 issue, i`l try it on a bigger box when I get the time.

Thanks for all the help.

admin@PA-200# show network interface ethernet ethernet1/4

set network interface ethernet ethernet1/4 link-speed auto

set network interface ethernet ethernet1/4 link-duplex auto

set network interface ethernet ethernet1/4 link-state auto

set network interface ethernet ethernet1/4 layer3 units ethernet1/4.10 tag 10

[edit]                                                                                                                                                                     

admin@PA-200# delete network interface ethernet ethernet1/4 layer3 units ethernet1/4.10 tag

[edit]                                                                                                                                                                     

admin@PA-200# show network interface ethernet ethernet1/4

set network interface ethernet ethernet1/4 link-speed auto

set network interface ethernet ethernet1/4 link-duplex auto

set network interface ethernet ethernet1/4 link-state auto

set network interface ethernet ethernet1/4 layer3 units ethernet1/4.10

[edit]                                                                                                                                                                     

admin@PA-200# delete network interface ethernet ethernet1/4 layer3 units ethernet1/4.10

Server error : ethernet1/4.10 cannot be deleted because of references from:

import -> network -> interface

[edit]                                                                                                                                                                     

admin@PA-200# commit force

+ partial   partial

  <Enter>   Finish input

admin@PA-200# commit force

..

network -> interface -> ethernet -> ethernet1/4 -> layer3 -> units -> ethernet1/4.10 constraints failed : tag is required

[edit]                                                                                                                                                                     

admin@PA-200# show network interface ethernet ethernet1/4

set network interface ethernet ethernet1/4 link-speed auto

set network interface ethernet ethernet1/4 link-duplex auto

set network interface ethernet ethernet1/4 link-state auto

set network interface ethernet ethernet1/4 layer3 units ethernet1/4.10

[edit]                                                                                                                                                                     

admin@PA-200#

Just ran into this. This worked:

 

delete import network interface ethernet1/4.10

L0 Member

Follow the error message. The node it states the reference is at is  Import > network > interface.

First off, viewing the config in XML is painful so I recommend doing 

 

 

set cli config-output-format set

 

 

which will give you the config as set statements which are a tonne easier to read.

 

Type:

 

 

configure

show import network 

 

 

 

You will probably still see the interface listed under interfaces still.

So to fix that you just do:

 

 

configure
delete import network interface ethernet1/4.20

 

This will remove that interface from the list and in turn remove the reference. You may find the subinterface is now deleted, but if not you should now be able to run the original delete command without it failing.

 

  • 11180 Views
  • 13 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!