Cisco ASA startup-config command ordering for subinterfaces

network-engineering cisco interface
2021-07-21 05:51:56

Following up on another question on this forum about moving interface names on a Cisco ASA while preserving the rest of the configuration, I modified the startup config on a Cisco ASA 5525-X from...

!
interface GigabitEthernet0/0
 channel-group 1 mode active
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/1
 channel-group 1 mode active
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/2
 channel-group 2 mode active
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/3
 channel-group 2 mode active
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/4
 channel-group 3 mode active
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/5
 channel-group 3 mode active
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/6
 description LAN Failover Interface
!
interface GigabitEthernet0/7
 description STATE Failover Interface
!
interface Management0/0
 management-only
 nameif management
 security-level 75
 no ip address
!
interface Port-channel1
 lacp max-bundle 8
 nameif outside
 security-level 0
 ip address xxx.xxx.xxx.xxx 255.255.255.xxx standby xxx.xxx.xxx.xxx
!
interface Port-channel2
 lacp max-bundle 8
 nameif DMZ
 security-level 50
 ip address xxx.xxx.xxx.xxx 255.255.255.xxx standby xxx.xxx.xxx.xxx
!
interface Port-channel3
 lacp max-bundle 8
 nameif inside
 security-level 100
 ip address xxx.xxx.xxx.xxx 255.255.255.xxx standby xxx.xxx.xxx.xxx
!

to...

!
interface GigabitEthernet0/0
 channel-group 1 mode active
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/1
 channel-group 1 mode active
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/2
 no nameif
 no security-level
 no ip address
 shutdown
!
interface GigabitEthernet0/3
 no nameif
 no security-level
 no ip address
 shutdown
!
interface GigabitEthernet0/4
 no nameif
 no security-level
 no ip address
 shutdown
!
interface GigabitEthernet0/5
 no nameif
 no security-level
 no ip address
 shutdown
!
interface GigabitEthernet0/6
 description LAN Failover Interface
!
interface GigabitEthernet0/7
 description STATE Failover Interface
!
interface Port-channel1
 lacp max-bundle 8
 nameif outside
 security-level 0
 ip address xxx.xxx.xxx.xxx 255.255.255.xxx standby xxx.xxx.xxx.xxx
!
interface Port-channel1.60
 nameif DMZ
 security-level 50
 ip address xxx.xxx.xxx.xxx 255.255.255.xxx standby xxx.xxx.xxx.xxx
 vlan 60
!
interface Port-channel1.40
 nameif inside
 security-level 100
 ip address xxx.xxx.xxx.xxx 255.255.255.xxx standby xxx.xxx.xxx.xxx
 vlan 40
!

After reloading the ASA, the subinterfaces were created successfully. However, although my config file specified names for the subinterfaces, the running config showed a "no nameif" directive, and all the corresponding configuration elements had been removed.

After some research, I believe my problem lies in the order of the commands in my startup config. For example:

! WRONG
interface Port-channel1.60
 nameif DMZ
 security-level 50
 ip address xxx.xxx.xxx.xxx 255.255.255.xxx standby xxx.xxx.xxx.xxx
 vlan 60
!

should have been...

! CORRECT
interface Port-channel1.60
 vlan 60
 nameif DMZ
 security-level 50
 ip address xxx.xxx.xxx.xxx 255.255.255.xxx standby xxx.xxx.xxx.xxx
!

Is the command ordering my problem, or am I missing something else - for example, an inherent limitation of the 5525-X?

I am running ASA version 9.3(2).

1 Answer

Apart from the overall limit on the number of interfaces allowed, there is no inherent restriction on using subinterfaces on the ASA 5525-X. According to page 10-10 of the "Cisco ASA Series General Operations CLI Configuration Guide", the base license on the ASA 5525-X allows a total of 1,316 interfaces of all types combined - VLAN, physical, redundant, bridge group, EtherChannel, etc.

The problem I ran into was the result of command ordering, as suspected:

! WRONG
interface Port-channel1.60
 nameif DMZ
 security-level 50
 ip address xxx.xxx.xxx.xxx 255.255.255.xxx standby xxx.xxx.xxx.xxx
 vlan 60
!

should have been...

! CORRECT
interface Port-channel1.60
 vlan 60
 nameif DMZ
 security-level 50
 ip address xxx.xxx.xxx.xxx 255.255.255.xxx standby xxx.xxx.xxx.xxx
!
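The ordering dependency described in the question and the answer is the kind of thing worth linting before a reload, since a rejected nameif silently drops the security-level and ip address lines with it. The following is an added example, not code from either poster: a small checker that parses ASA interface stanzas, flags subinterfaces whose vlan line is missing or comes after nameif, and re-emits the stanzas with vlan moved first. The sample config is constructed (RFC 5737 documentation addresses), and the parser assumes the standard ASA layout of one-space-indented sub-commands terminated by "!".

```python
# Constructed sample startup-config (not the poster's own; addresses are RFC 5737
# documentation ranges). Port-channel1.60 has the ordering the question marks WRONG
# (vlan after nameif); Port-channel1.40 has vlan first, as in the CORRECT form.
SAMPLE_CONFIG = """\
interface Port-channel1.60
 nameif DMZ
 security-level 50
 ip address 198.51.100.1 255.255.255.0 standby 198.51.100.2
 vlan 60
!
interface Port-channel1.40
 vlan 40
 nameif inside
 security-level 100
 ip address 203.0.113.1 255.255.255.0 standby 203.0.113.2
!
"""

def parse_interfaces(config):
    """Split an ASA config into (interface_name, [sub-commands]) stanzas."""
    stanzas, body = [], None
    for line in config.splitlines():
        if line.startswith("interface "):
            body = []
            stanzas.append((line.split(None, 1)[1], body))
        elif line.startswith(" ") and body is not None and line.strip():
            body.append(line.strip())
        else:                       # '!' or another top-level command ends the stanza
            body = None
    return stanzas

def misordered_subinterfaces(config):
    """Subinterfaces whose 'vlan' is missing or appears after 'nameif'. The ASA applies
    a stanza top to bottom; the question shows such a stanza comes up with 'no nameif'."""
    bad = []
    for name, body in parse_interfaces(config):
        if "." not in name:         # only subinterfaces carry a vlan tag
            continue
        keys = [cmd.split()[0] for cmd in body]
        if "nameif" in keys and ("vlan" not in keys or keys.index("vlan") > keys.index("nameif")):
            bad.append(name)
    return bad

def fix_ordering(config):
    """Re-emit the interface stanzas with each subinterface's 'vlan' line moved first."""
    out = []
    for name, body in parse_interfaces(config):
        if "." in name:             # stable sort: vlan lines first, everything else keeps order
            body = sorted(body, key=lambda cmd: not cmd.startswith("vlan "))
        out += ["interface " + name] + [" " + c for c in body] + ["!"]
    return "\n".join(out) + "\n"
```

Running misordered_subinterfaces over a startup-config before copying it to the box gives the list of stanzas that would lose their nameif on reload; fix_ordering only rewrites interface stanzas, so other top-level lines must be merged back separately.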