Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

how to edit subinterfaces in XML config

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

how to edit subinterfaces in XML config

L4 Transporter

Hello

 

I need to modify my config. Now its looks like:

2016-09-20_210651.png

I need to "move" ethernet 1/4.111  as a subinterface ethernet1/7, and all polices and other related objects.

 

SO I opened in editpad lite my config and I try to move part od config related to this subinterface:

</entry>
<entry name="ethernet1/4.111">
<ipv6>
<neighbor-discovery>
<router-advertisement>
<enable>no</enable>
</router-advertisement>
</neighbor-discovery>
</ipv6>
<tag>111</tag>
<ip>
<entry name="DMZ_1"/>
</ip>
<interface-management-profile>Ping_only</interface-management-profile>
</entry>

 

2016-09-20_211159.png

 

but when I try to load  config I get error config malformed

 

How I should do this job? Is it possible to do with xml editor only?

 

Regards

Slawek

5 REPLIES 5

Cyber Elite
Cyber Elite

Most XML editors will make very slight changes to the formatting that they may or may not actually show inline with the document. I'm not sure why you would try and do this large of a change directly from XML to be honest with you. There will also be much more than just that thread to edit, as when you remove the subinterface from the interface configuration any reference to that interface would also need to be altered to reflect the new sub-interface before it ever accepted the configuration; and again you would need to make sure the formating is just right otherwise it will reject the file. 

 

In this situation I would just do it through the GUI instead of taking so much time to edit the XML config directly.

1) Create the sub interface

2) Change the policies away from the exsisting sub-interface and move them to the new one. Attempt to delete the sub-interface and verify the config, it should list anything that hasn't been altered to reflect the new interface before it allows you to actually commit the changes. 

L7 Applicator

There are two methods you can use for this type of operation, load partial from an xml file with the necessary settings and using command set format to add/remove the device settings.

 

I've only used load partial with configs in Panorama but I assume this is possible with the device direct as well.  This method assumes you have an existing valid xml format and you suck those existing subinterface into the new interface hierarchy.  So you don't have to manually write the xml us import the existing xml into the right spot.

 

https://live.paloaltonetworks.com/t5/Configuration-Articles/How-to-duplicate-settings-among-multiple...

 

The other option is to get the related sections of the config in the set format from the cli.  These then are much easier to edit than the xml file to change values.  Which you then run on the CLI to change or delete the required settings.

 

set cli config-output-format set

then simply show the right sections of the config or just dump the whole config down in set format as a reference

 

https://live.paloaltonetworks.com/t5/Configuration-Articles/Viewing-the-configuration-in-set-and-XML...

Steve Puluka BSEET - IP Architect - DQE Communications (Metro Ethernet/ISP)
ACE PanOS 6; ACE PanOS 7; ASE 3.0; PSE 7.0 Foundations & Associate in Platform; Cyber Security; Data Center

Hi Pulukas

 

Thx for Your tips - I will try it soon

 

Deleting interfaces and creating again isnt an option - there is a lot of setting related on them (dhcp, polices etc).

 

 

Regards

Slawek

Hi Steve

 

I thought that is a simpler ...

 

Could I ask You for one thing.

How to change subinterface from interface X to subintreface at Y - could You give some command example ?

 

With regards

Slawek

 

For example:  The current configuration pulled from the showing in set format might have these commands for this sub interface:

 

set network interface ethernet ethernet1/4 layer3 units ethernet1/4.2 ipv6 neighbor-discovery router-advertisement enable no
set network interface ethernet ethernet1/4 layer3 units ethernet1/4.2 ip 10.2.0.1
set network interface ethernet ethernet1/4 layer3 units ethernet1/4.2 tag 10

 

Convert to delete commands (some adjustements needed for leaf objects removed at the end of the command:

 

delete network interface ethernet ethernet1/4 layer3 units ethernet1/4.2 ipv6 neighbor-discovery
delete network interface ethernet ethernet1/4 layer3 units ethernet1/4.2 ip 10.2.0.1
delete network interface ethernet ethernet1/4 layer3 units ethernet1/4.2 tag

 

remove from import interfaces:

delete import network interface ethernet1/4.2

 

Convert to interface 1/3:

set network interface ethernet ethernet1/3 layer3 units ethernet1/3.2 ipv6 neighbor-discovery router-advertisement enable no
set network interface ethernet ethernet1/3 layer3 units ethernet1/3.2 ip 10.2.0.1
set network interface ethernet ethernet1/3 layer3 units ethernet1/3.2 tag 10

 

Steve Puluka BSEET - IP Architect - DQE Communications (Metro Ethernet/ISP)
ACE PanOS 6; ACE PanOS 7; ASE 3.0; PSE 7.0 Foundations & Associate in Platform; Cyber Security; Data Center
  • 4520 Views
  • 5 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!