Changing management vlan on 3750 switch

Answered Question
Nov 4th, 2008

All,


My 3750 switch has about 5 subnets on it, and they are all in VLAN 1. I'm in the process of moving devices to different vlans, but it's not even going to get started good until after January. (It's our busy season.)


Is there a quick way that I can change my management vlan? Should I just create another VLAN and assign an SVI to it? Is there something else that should be done? I can't have any downtime, so whatever can be done during the day would be excellent.


Thanks!

John

Giuseppe Larosa Tue, 11/04/2008 - 11:59

Hello John,

If you can add a new IP subnet and a new VLAN, you can:

Example: VLAN 55

Create VLAN 55 at layer 2

Configure the associated SVI


The best choice would be to configure a VIP default gateway using two VLAN subinterfaces (if you have two routers/multilayer switches at distribution level).

The router(s) have to advertise the new subnet.


Then you add an SVI or routed interface in all devices that you want to manage in VLAN 55.


Hope to help

Giuseppe


John Blakley Tue, 11/04/2008 - 12:03

I've got other SVIs on this switch. I'm only concerned about moving the management vlan because we've been known to have broadcast storms in the past (reason I'm creating multiple vlans). If we have a broadcast storm, I'd want to be able to get in on the switch through a different vlan. Would remoting into the switch on a different vlan meet the same goal if a storm were to happen?


Thanks!


John

Correct Answer
Giuseppe Larosa Tue, 11/04/2008 - 12:11

Hello John,

In some cases of broadcast storm you can only access the switches via console, and you may need to unplug a cable to break the loop as soon as possible.


From the point of view of accessing the switch via telnet/SSH, you need an intermediate device, and a packet originated in the same VLAN and one originated in another VLAN have the same chances to be received in the troubled VLAN broadcast domain.

If the intermediate device has a valid ARP entry, there is no real advantage in being on the same VLAN as the TCP/IP stack of the switch.

Being behind a router or a firewall could even be an advantage because your workstations will not suffer the broadcast storm.


For example we have two NOCs, two NOC subnets and we can access devices in multiple sites only from these subnets.


Some providers implement an out-of-band management internetwork that is not on the path of user traffic, but this is expensive.


Hope to help

Giuseppe
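
The steps discussed in this thread (a dedicated VLAN 55 with its own SVI, reachable only from the NOC subnets) could look like the following on the 3750. This is an added example, not configuration posted by anyone in the thread. The VLAN name, the ACL name, the uplink interface and all addresses are assumptions; the addresses are constructed documentation ranges.

```ios
! Constructed values: 192.0.2.0/24 = new management subnet,
! 198.51.100.0/24 and 203.0.113.0/24 = the two NOC subnets.
!
! 1. Create the VLAN at layer 2
vlan 55
 name MGMT
!
! 2. Configure the associated SVI.
!    Leave interface Vlan1 untouched until access through Vlan55 is
!    confirmed, so the change can be made during the day without downtime.
interface Vlan55
 description Switch management
 ip address 192.0.2.10 255.255.255.0
 no shutdown
!
! 3. Only needed if the uplink trunk uses an explicit allowed-VLAN list
!    (interface name is hypothetical)
interface GigabitEthernet1/0/1
 switchport trunk allowed vlan add 55
!
! 4. Accept telnet/SSH sessions only when they come from the NOC subnets
ip access-list standard MGMT-NOC-ONLY
 permit 198.51.100.0 0.0.0.255
 permit 203.0.113.0 0.0.0.255
 deny   any log
!
line vty 0 15
 access-class MGMT-NOC-ONLY in
```

Check the result with `show vlan id 55` and `show interfaces vlan 55`, and open a test session to 192.0.2.10 from a NOC host before removing any management addressing from VLAN 1.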



