Re-addressing Switches with New Management address and VLAN

Unanswered Question
Nov 19th, 2007

We will be shortly re-addressing our network and implementing a different Management VLAN. The current management VLAN is 1.


What I would like to know is what's the easiest way of doing the changes without possibly having to visit every switch and consoling onto it?


Thanks


Jon

lgijssel Mon, 11/19/2007 - 05:20

This is something I have done often already. What you can do is this:


Create a script containing the modifications, something like:

    ip default-gateway 1.2.3.254
    ! vlan 2, or your new mgmt vlan id
    int vlan 2
     ip address 1.2.3.4 255.255.0.0
     no shut


Then use the command: copy tftp run to transfer the commands to the switch using the old ip address. If I remember well, this shuts down vlan 1 or any other active mgmt vlan interface on a layer2 switch as it can have only one active mgmt interface.


Subsequently you can log in to the switch on the new ip address and manually remove the rest of the config on vlan 1 and issue a write.

Do not forget to modify your radius/tacacs if you have one and issue a clear arp to ensure that it can be resolved directly.


regards,

Leo

william.briere Mon, 11/19/2007 - 05:52

Hello,


I am reading this and it relates well to what I need to do. I have a question though... What if we are using VTP? Is there anything else I need to consider?

Jon Marshall Mon, 11/19/2007 - 06:05

William


VTP is really only concerned with layer 2 so you could use VTP to propagate vlan 2 across your switches before you run the commands to change the management interface.


Jon

lgijssel Mon, 11/19/2007 - 06:08

We are using VTP in most cases, this makes no difference except the fact that the vlan must exist in the vtp domain to allow full connectivity.

Things to consider:

Test your script on a test switch or one that is easily accessible.

Familiarize yourself with the procedure. You only get one chance to change the address in this way, be sure all is correct.

Like I stated before, be aware of arp issues in relation with radius or tacacs. The old entry remains cached when you change it like this. Clear the arp cache on any connectivity issues.

User vlans are not affected so this can even be done under office hours.


regards,

Leo

william.briere Mon, 11/26/2007 - 09:27

Hello,


I have a silly question...


What if I wanted to have a whole bunch of loopback interfaces individually on our switches for management instead of these interface vlans? Is this a bad idea?


I'm not exactly sure how it would work though... We use VTP server (one on each) on each of our 6500's using GLBP. Would I create the interface vlans on each of the 6500's so they would get propagated in VTP? Or would I just create the loopback interfaces with IP's all in the same network?


Can someone suggest something?


Points to consider... (This is where we need the management)


We have 6500's at the Core (VTP Servers)

We have 4948's at the distribution layer (VTP Clients)

We have Nortel Baystacks and 2950's and 2960's in the risers (VTP Clients)


Thanks in advance :)

vanguardro Mon, 11/26/2007 - 10:19

hello,


if you really need to use LO interface, you can do it only on L3 switches (6500 & 4948 in your case)


one method to do this will be to activate ip routing engine on L3 switches, and also you can use one routing protocol or static routes.


let's suppose you already have vlan 10 for management and your eigrp is up and running on your 6500 switches,

we can use this vlan for routing between L3 switches


for example:

    ip routing
    !
    router eigrp 10
     no auto-summary
     network 172.16.2.15 255.255.255.255
     network ip-address-from-management-vlan
    !
    int lo 10
     no shut
     ip address 172.16.2.15 255.255.255.255
    !


I hope this answer will be helpful


Bogdan



william.briere Mon, 11/26/2007 - 10:33

So no loopbacks then... :(


I want to have a consistent way to manage these layer two (Nortel's, 2950's, 2960's, and 4948's) and layer 3 6500's.


If I add a Vlan Interface on each of the VTP servers, the 6500's, (Say Vlan 251) How would it work? Would I add it like a regular Vlan interface? Use the 1st IP for the first VTP instance and the second IP for the second?


I guess I'm a bit confused on how this would work... Maybe


6500 #1 (They are both connected using GLBP)

    Int Vlan 251
     IP Address 192.168.251.1 255.255.255.0

6500 #2

    Int Vlan 251
     IP Address 192.168.251.2 255.255.255.0



That is really the part I'm not sure about?? If the full C class network for 251 is used for management... Do I just add the IP's to all of the switches and the 6500's one at a time and increment them?



glen.grant Mon, 11/26/2007 - 14:51

Yes, you would use the rest of the address space. You have a lot of other stuff you will have to do too.

1. Add new layer 2 vlan 251 to 6500 vtp server.

2. Add layer 2 vlan to trunk.

3. Change the layer 3 SVI interface to the new vlan and add your ip addressing on that new layer 3 SVI on your 2950's.

4. Set spanning tree for the new vlan up on the 6500's.



vanguardro Mon, 11/26/2007 - 14:57

hello


I will suppose all your switches are part of the same vtp domain, and the 6500s have the server role, the rest of them have the client role in your vtp domain.

you can create vlan 251 as your management vlan on 6500 switches:

    !
    vlan 251
     name management
    !


after that you will need to create interface vlan 251 and assign some ip address to this one and also don't forget to create hsrp for this network


on first 6500:

    !
    int vlan 251
     ip address 192.168.251.10 255.255.255.0
     no shut
     standby 1 ip 192.168.251.1
    !

on second 6500:

    !
    int vlan 251
     ip address 192.168.251.11 255.255.255.0
     no shut
     standby 1 ip 192.168.251.1
    !


on next switches you can assign ip address from 192.168.251.20 to 253

also default gateway will be 192.168.251.1 for all your Layer 2 switches

    !
    ip default-gateway 192.168.251.1
    !
    int vlan 251
     ip address 192.168.251.20 255.255.255.0
     no shut
    !


best regards,

vanguardro
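
An added example, not part of any post in this thread: because the change is pushed with copy tftp run and a wrong address cuts off management access, this sketch checks a per-switch address plan against the 192.168.251.0/24 scheme above before rendering any snippet. The hostnames, the function names and the trailing `end` line are assumptions.

```python
import ipaddress

# Addressing plan taken from the thread; the hostnames below are constructed.
SUBNET = ipaddress.ip_network("192.168.251.0/24")
GATEWAY = ipaddress.ip_address("192.168.251.1")            # HSRP virtual IP
RESERVED = {ipaddress.ip_address("192.168.251.10"),        # first 6500
            ipaddress.ip_address("192.168.251.11")}        # second 6500
POOL_FIRST = ipaddress.ip_address("192.168.251.20")
POOL_LAST = ipaddress.ip_address("192.168.251.253")
MGMT_VLAN = 251
SAMPLE_INVENTORY = {"riser-2950-a": "192.168.251.20", "riser-2960-b": "192.168.251.21"}


def validate_plan(inventory):
    """Return a list of problems; an empty list means the plan can be rendered."""
    problems, seen = [], {}
    for host, text in inventory.items():
        try:
            addr = ipaddress.ip_address(text)
        except ValueError:
            problems.append(f"{host}: {text!r} is not an IP address")
            continue
        if addr not in SUBNET:
            problems.append(f"{host}: {addr} is outside {SUBNET}")
        elif addr == GATEWAY or addr in RESERVED:
            problems.append(f"{host}: {addr} is the gateway or a 6500 address")
        elif not POOL_FIRST <= addr <= POOL_LAST:
            problems.append(f"{host}: {addr} is outside the .20-.253 pool")
        if addr in seen:
            problems.append(f"{host}: {addr} already assigned to {seen[addr]}")
        seen.setdefault(addr, host)
    return problems


def render_snippets(inventory):
    """Render one snippet per switch; emit nothing if any entry is wrong."""
    problems = validate_plan(inventory)
    if problems:
        raise ValueError("; ".join(problems))
    return {
        host: "\n".join([
            f"ip default-gateway {GATEWAY}",
            f"interface vlan {MGMT_VLAN}",
            f" ip address {ipaddress.ip_address(text)} {SUBNET.netmask}",
            " no shutdown",
            "end",
        ]) + "\n"
        for host, text in inventory.items()
    }
```
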

