- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.
02-14-2013 01:23 AM
Hi,
I`m trying to delete a sub-interface from CLI but cant seem to find the correct command, i managed to remove the IP address and tag but not the entire sub-interface.
admin@PA-200# delete network interface ethernet ethernet1/4 layer3 units ethernet1/4.20
Server error : ethernet1/4.20 cannot be deleted because of references from:
import -> network -> interface
[edit]
Thanx
Kristian
08-14-2018 11:07 AM
Just ran into this. This worked:
delete import network interface ethernet1/4.10
06-03-2024 08:45 PM
Also if you have pushed subinterface from Panorama to PA and you get this error
Failed to delete Ethernet Interface - . ethernet1/12.3402 cannot be deleted because of references from:, template -> Test -> config -> devices -> localhost.localdomain -> vsys -> vsys1 -> import -> network -> interface.
From Panorama Config mode
#delete template Test config vsys vsys1 import network interface eth1/12.3402
After this Command you will be able to delete the sub interface from Panorama and then Push the config to PA.
Regards
02-14-2013 05:53 AM
The interface is assigned to vsys1
try this,
delete vsys vsys1 import network interface ethernet1/4.20
02-14-2013 07:41 AM
No, that`s not working. At least not on the pa-200.
Here is the output
admin@PA-200# delete vsys vsys1 import network interface ethernet1/4.20
Invalid syntax.
[edit]
admin@PA-200# delete ?
address address
address-group address-group
application application
application-filter application-filter
application-group application-group
captive-portal captive-portal
deviceconfig deviceconfig
display-name alphanumeric string [ 0-9a-zA-Z._-]
email-scheduler email-scheduler
external-list external-list
global-protect GlobalProtect
group-mapping group-mapping
mgt-config mgt-config
network network configuration
ocsp-responder ocsp-responder
pdf-summary-report pdf-summary-report
profile-group profile-group
profiles profiles
region region
report-group report-group
reports reports
rulebase rulebase
schedule schedule
service service
service-group service-group
setting setting
shared shared
threats threats
ts-agent ts-agent
url-admin-override url-admin-override
url-content-types url-content-types
user-id-agent user-id-agent
user-id-agent-sequence user-id-agent-sequence
user-id-collector user-id-collector
zone zone
admin@PA-200#
02-14-2013 11:12 AM
Follow these steps.
1 ) From the cli type
"set cli config-output-format set "
2) Now from the configuration mode type
"show network interface"
This will give you the configuration references where the sub-interface is referred.
For example I have done the same on my device and found out that my sub-interface ethernet 1/3.2 is referred in IPV6 routing settings as shown below.
ork interface ethernet ethernet1/3 layer3 units ethernet1/3.2 ipv6 neighbor-disco
very router-advertisement reachable-time unspecified
set network interface ethernet ethernet1/3 layer3 units ethernet1/3.2 ipv6 neighbor-disco
very router-advertisement retransmission-timer unspecified
set network interface ethernet ethernet1/3 layer3 units ethernet1/3.2 ipv6 neighbor-disco
very router-advertisement lifetime 1800
set network interface ethernet ethernet1/3 layer3 units ethernet1/3.2 ipv6 neighbor-disco
very router-advertisement managed-flag no
set network interface ethernet ethernet1/3 layer3 units ethernet1/3.2 ipv6 neighbor-disco
very router-advertisement other-flag no
set network interface ethernet ethernet1/3 layer3 units ethernet1/3.2 ipv6 neighbor-disco
very router-advertisement enable-consistency-check no
set network interface ethernet ethernet1/3 layer3 units ethernet1/3.2 ipv6 neighbor-disco
very router-advertisement link-mtu unspecified
set network interface ethernet ethernet1/3 layer3 units ethernet1/3.2 ipv6 neighbor-disco
very enable-dad no
set network interface ethernet ethernet1/3 layer3 units ethernet1/3.2 ipv6 neighbor-disco
very reachable-time 30
set network interface ethernet ethernet1/3 layer3 units ethernet1/3.2 ipv6 neighbor-disco
very ns-interval 1
set network interface ethernet ethernet1/3 layer3 units ethernet1/3.2 ipv6 neighbor-disco
very dad-attempts 1
set network interface ethernet ethernet1/3 layer3 units ethernet1/3.2 ipv6 enabled no
set network interface ethernet ethernet1/3 layer3 units ethernet1/3.2 ipv6 interface-id E
UI-64
set network interface ethernet ethernet1/3 layer3 units ethernet1/3.2 adjust-tcp-mss no
Now I have used only one command to delete all these interface references which is
"delete network interface ethernet ethernet1/3 layer3 units ethernet1/3.2 ipv6"
which removed all the references from IPV6 now I have deleted the sub-interface with out any issues as I have already removed the references in the config.
Try the same, find out the references and remove the same.
Thanks,
Sandeep T
02-14-2013 12:00 PM
Hi Sandeep T,
The command "delete network interface ethernet ethernet1/3 layer3 units ethernet1/3.2 ipv6" will only remove the ipv6 config lines, ipv4 and tag`s ++ wil still be on the interface.
I still get this message when trying to remove the interface:
admin@PA-200# delete network interface ethernet ethernet1/4 layer3 units ethernet1/4.10
Server error : ethernet1/4.10 cannot be deleted because of references from:
import -> network -> interface
/kristian
02-14-2013 01:17 PM
go to configure mode.
type show zone,
Look for "set zone <zone name> network layer3 ethernet1/4.20"
try delete zone <zone name> network layer3 ethernet 1/4.20
02-14-2013 03:18 PM
I was able to delete the sub-interface even with the tag config. Did you remove the zones, IP config ? If not try to remove that as shown in this document.
https://live.paloaltonetworks.com/docs/DOC-2922
Thanks,
Sandeep T
02-14-2013 11:41 PM
Hi,
The zone configuration has already been removed:
admin@PA-200# show zone
set zone trust network layer3 ethernet1/2
set zone untrust network layer3 ethernet1/1
[edit]
admin@PA-200#
As you can see in the picture the is no Management Profile, vr, vlan tag or security zones configured on the interface.
/kristian
02-14-2013 11:47 PM
Interesting, so you do not have any configuration and it still shows references !! What does the output of the show network interface show ? any references to sub-interfaces ?
Thanks,
Sandeep T
02-15-2013 12:09 AM
Hi,
Here is the output of the show command:
admin@PA-200# show network interface ethernet ethernet1/4
set network interface ethernet ethernet1/4 link-speed auto
set network interface ethernet ethernet1/4 link-duplex auto
set network interface ethernet ethernet1/4 link-state auto
set network interface ethernet ethernet1/4 layer3 units ethernet1/4.10
[edit]
admin@PA-200# delete network interface ethernet ethernet1/4 layer3 units ethernet1/4.10
Server error : ethernet1/4.10 cannot be deleted because of references from:
import -> network -> interface
[edit]
admin@PA-200#
Now when I try to commit I get the error:
admin@PA-200# commit
..
network -> interface -> ethernet -> ethernet1/4 -> layer3 -> units -> ethernet1/4.10 constraints failed : tag is required
[edit]
admin@PA-200#
Now after putting the tag back on and after a commit, you can see the reference to the import -> interface here:
admin@PA-200> show config running
config {
devices {
localhost.localdomain {
network {
interface {
ethernet {
ethernet1/4 {
link-speed auto;
link-duplex auto;
link-state auto;
layer3 {
units {
ethernet1/4.10 {
tag 10;
}
}
}
}
}
}
vsys {
vsys1 {
import {
network {
interface [ ethernet1/3 ethernet1/4 ethernet1/1 ethernet1/4.10];
}
}
/kristian
02-15-2013 12:48 AM
can you do a commit force once using the command "commit force" and try deleting the interface once, if it does not work I would recommend you to open a case with support for further assistance on this.
Thanks,
Sandeep T
02-15-2013 12:53 AM
Looks the same... This might be a PA-200 issue, i`l try it on a bigger box when I get the time.
Thanks for all the help.
admin@PA-200# show network interface ethernet ethernet1/4
set network interface ethernet ethernet1/4 link-speed auto
set network interface ethernet ethernet1/4 link-duplex auto
set network interface ethernet ethernet1/4 link-state auto
set network interface ethernet ethernet1/4 layer3 units ethernet1/4.10 tag 10
[edit]
admin@PA-200# delete network interface ethernet ethernet1/4 layer3 units ethernet1/4.10 tag
[edit]
admin@PA-200# show network interface ethernet ethernet1/4
set network interface ethernet ethernet1/4 link-speed auto
set network interface ethernet ethernet1/4 link-duplex auto
set network interface ethernet ethernet1/4 link-state auto
set network interface ethernet ethernet1/4 layer3 units ethernet1/4.10
[edit]
admin@PA-200# delete network interface ethernet ethernet1/4 layer3 units ethernet1/4.10
Server error : ethernet1/4.10 cannot be deleted because of references from:
import -> network -> interface
[edit]
admin@PA-200# commit force
+ partial partial
<Enter> Finish input
admin@PA-200# commit force
..
network -> interface -> ethernet -> ethernet1/4 -> layer3 -> units -> ethernet1/4.10 constraints failed : tag is required
[edit]
admin@PA-200# show network interface ethernet ethernet1/4
set network interface ethernet ethernet1/4 link-speed auto
set network interface ethernet ethernet1/4 link-duplex auto
set network interface ethernet ethernet1/4 link-state auto
set network interface ethernet ethernet1/4 layer3 units ethernet1/4.10
[edit]
admin@PA-200#
08-14-2018 11:07 AM
Just ran into this. This worked:
delete import network interface ethernet1/4.10
04-30-2022 03:19 AM - edited 04-30-2022 03:21 AM
Follow the error message. The node it states the reference is at is Import > network > interface.
First off, viewing the config in XML is painful so I recommend doing
set cli config-output-format set
which will give you the config as set statements which are a tonne easier to read.
Type:
configure
show import network
You will probably still see the interface listed under interfaces still.
So to fix that you just do:
configure
delete import network interface ethernet1/4.20
This will remove that interface from the list and in turn remove the reference. You may find the subinterface is now deleted, but if not you should now be able to run the original delete command without it failing.
06-03-2024 08:45 PM
Also if you have pushed subinterface from Panorama to PA and you get this error
Failed to delete Ethernet Interface - . ethernet1/12.3402 cannot be deleted because of references from:, template -> Test -> config -> devices -> localhost.localdomain -> vsys -> vsys1 -> import -> network -> interface.
From Panorama Config mode
#delete template Test config vsys vsys1 import network interface eth1/12.3402
After this Command you will be able to delete the sub interface from Panorama and then Push the config to PA.
Regards
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!