Howto delete sub-interace from cli

Reply
Not applicable

Howto delete sub-interace from cli

Hi,

I`m trying to delete a sub-interface from CLI but cant seem to find the correct command, i managed to remove the IP address and tag but not the entire sub-interface.

admin@PA-200# delete network interface ethernet ethernet1/4 layer3 units ethernet1/4.20

Server error : ethernet1/4.20 cannot be deleted because of references from:

import -> network -> interface

[edit]                       

Thanx

Kristian

Tags (3)
L4 Transporter

Re: Howto delete sub-interace from cli

The interface is assigned to vsys1

try this,

delete vsys vsys1 import network interface ethernet1/4.20

Not applicable

Re: Howto delete sub-interace from cli

No, that`s not working. At least not on the pa-200.

Here is the output

admin@PA-200# delete vsys vsys1 import network interface ethernet1/4.20

Invalid syntax.

[edit]                                                                                                             

admin@PA-200# delete ?

  address                  address

  address-group            address-group

  application              application

  application-filter       application-filter

  application-group        application-group

  captive-portal           captive-portal

  deviceconfig             deviceconfig

  display-name             alphanumeric string [ 0-9a-zA-Z._-]

  email-scheduler          email-scheduler

  external-list            external-list

  global-protect           GlobalProtect

  group-mapping            group-mapping

  mgt-config               mgt-config

  network                  network configuration

  ocsp-responder           ocsp-responder

  pdf-summary-report       pdf-summary-report

  profile-group            profile-group

  profiles                 profiles

  region                   region

  report-group             report-group

  reports                  reports

  rulebase                 rulebase

  schedule                 schedule

  service                  service

  service-group            service-group

  setting                  setting

  shared                   shared

  threats                  threats

  ts-agent                 ts-agent

  url-admin-override       url-admin-override

  url-content-types        url-content-types

  user-id-agent            user-id-agent

  user-id-agent-sequence   user-id-agent-sequence

  user-id-collector        user-id-collector

  zone                     zone

admin@PA-200#

L6 Presenter

Re: Howto delete sub-interace from cli

Follow these steps.

1 ) From the cli type

"set cli config-output-format set "

2) Now from the configuration mode type

"show network interface"

This will give you the configuration references where the sub-interface is referred.

For example I have done the same on my device and found out that my sub-interface ethernet 1/3.2 is referred in IPV6 routing settings as shown below.

ork interface ethernet ethernet1/3 layer3 units ethernet1/3.2 ipv6 neighbor-disco

very router-advertisement reachable-time unspecified

set network interface ethernet ethernet1/3 layer3 units ethernet1/3.2 ipv6 neighbor-disco

very router-advertisement retransmission-timer unspecified

set network interface ethernet ethernet1/3 layer3 units ethernet1/3.2 ipv6 neighbor-disco

very router-advertisement lifetime 1800

set network interface ethernet ethernet1/3 layer3 units ethernet1/3.2 ipv6 neighbor-disco

very router-advertisement managed-flag no

set network interface ethernet ethernet1/3 layer3 units ethernet1/3.2 ipv6 neighbor-disco

very router-advertisement other-flag no

set network interface ethernet ethernet1/3 layer3 units ethernet1/3.2 ipv6 neighbor-disco

very router-advertisement enable-consistency-check no

set network interface ethernet ethernet1/3 layer3 units ethernet1/3.2 ipv6 neighbor-disco

very router-advertisement link-mtu unspecified

set network interface ethernet ethernet1/3 layer3 units ethernet1/3.2 ipv6 neighbor-disco

very enable-dad no

set network interface ethernet ethernet1/3 layer3 units ethernet1/3.2 ipv6 neighbor-disco

very reachable-time 30

set network interface ethernet ethernet1/3 layer3 units ethernet1/3.2 ipv6 neighbor-disco

very ns-interval 1

set network interface ethernet ethernet1/3 layer3 units ethernet1/3.2 ipv6 neighbor-disco

very dad-attempts 1

set network interface ethernet ethernet1/3 layer3 units ethernet1/3.2 ipv6 enabled no

set network interface ethernet ethernet1/3 layer3 units ethernet1/3.2 ipv6 interface-id E

UI-64

set network interface ethernet ethernet1/3 layer3 units ethernet1/3.2 adjust-tcp-mss no

Now I have used  only one command to delete all these interface references which is

"delete network interface ethernet ethernet1/3 layer3 units ethernet1/3.2 ipv6"

which removed all the references from IPV6 now I have deleted the sub-interface with out any issues as I have already removed the references in the config.

Try the same, find out the references and remove the same.

Thanks,

Sandeep T

Not applicable

Re: Howto delete sub-interace from cli

Hi Sandeep T,

The command "delete network interface ethernet ethernet1/3 layer3 units ethernet1/3.2 ipv6" will only remove the ipv6 config lines, ipv4 and tag`s ++ wil still be on the interface.

I still get this message when trying to remove the interface:

admin@PA-200# delete network interface ethernet ethernet1/4 layer3 units ethernet1/4.10

Server error : ethernet1/4.10 cannot be deleted because of references from:

import -> network -> interface

/kristian

L4 Transporter

Re: Howto delete sub-interace from cli

go to configure mode.

type show zone,

Look for "set zone <zone name> network layer3 ethernet1/4.20"

try delete zone <zone name> network layer3 ethernet 1/4.20

L6 Presenter

Re: Howto delete sub-interace from cli

I was able to delete the sub-interface even with the tag config. Did you remove the zones, IP config ? If not try to remove that as shown in this document.

https://live.paloaltonetworks.com/docs/DOC-2922


Thanks,

Sandeep T

Not applicable

Re: Howto delete sub-interace from cli

Hi,

The zone configuration has already been removed:

admin@PA-200# show zone

set zone trust network layer3 ethernet1/2

set zone untrust network layer3 ethernet1/1

[edit]                                                                                                                                               

admin@PA-200#

As you can see in the picture the is no Management Profile, vr, vlan tag or security zones configured on the interface.

/kristian

L6 Presenter

Re: Howto delete sub-interace from cli

Interesting, so you do not have any configuration and it still shows references !! What does the output of the show network interface show ? any references to sub-interfaces ?

Thanks,

Sandeep T

Not applicable

Re: Howto delete sub-interace from cli

Hi,

Here is the output of the show command:

admin@PA-200# show network interface ethernet ethernet1/4

set network interface ethernet ethernet1/4 link-speed auto

set network interface ethernet ethernet1/4 link-duplex auto

set network interface ethernet ethernet1/4 link-state auto

set network interface ethernet ethernet1/4 layer3 units ethernet1/4.10

[edit]                                                                                                                                                                     

admin@PA-200# delete network interface ethernet ethernet1/4 layer3 units ethernet1/4.10

Server error : ethernet1/4.10 cannot be deleted because of references from:

import -> network -> interface

[edit]                                                                                                                                                                     

admin@PA-200#

Now when I try to commit I get the error:

admin@PA-200# commit

..

network -> interface -> ethernet -> ethernet1/4 -> layer3 -> units -> ethernet1/4.10 constraints failed : tag is required

[edit]                                                                                                                                                                     

admin@PA-200#

Now after putting the tag back on and after a commit, you can see the reference to the import -> interface here:

admin@PA-200> show config running

config {

  devices {

    localhost.localdomain {

      network {

        interface {

          ethernet {

            ethernet1/4 {

              link-speed auto;

              link-duplex auto;

              link-state auto;

              layer3 {

                units {

                  ethernet1/4.10 {

                    tag 10;

                  }

                }

              }

            }

          }

      }

      vsys {

        vsys1 {

          import {

            network {

              interface [ ethernet1/3 ethernet1/4 ethernet1/1 ethernet1/4.10];

            }

          }

/kristian

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!