change of IP address

korbenda11as · ‎03-19-2009

I have attached a diagram of my connection. What I want to do is to use router A ip address to router B. Router A is located remotely that no one can handle it onsite. Im just doing remote connection to both routers. How I can use router A ip adr to router B w/o sacrificing router A connection. I heard of second ip, but i havent tried this one. Pls. help

Leo Laohoo · ‎03-19-2009

To put a second IP Address, do this ...

int f0/0

ip address yada.yada.yada.yada blah.blah.blah.blah secondary

Then once that is done, telnet into the secondary address and remove the 1st IP Address.

Or you can create a loopback IP Address and telnet into that IP Address too.

suryakant.chavan · ‎03-19-2009

we can't do as leolaohoo mention,

Router required to remove first secondary ip address before primary ip address.

Mohamad Qayoom · ‎03-19-2009

Can you not use loopback ip address either?

korbenda11as · ‎03-20-2009

is the loopback address which known via static route with next hop of 10.205.30.26 will also be unreachable once the ip addres of the interface was removed?

Leo Laohoo · ‎03-19-2009

Gee ... Ok.

Presume you got this ...

int f 0/0

ip address 1.1.1.1 255.255.255.0

ip address 1.1.2.1 255.255.255.0 secondary

and you want to delete the first secondary, so you put another network there like "ip address 1.1.3.1 255.255.255.0", get out and telnet into the 1.1.3.1 and do a "no ip address 1.1.2.1 255.255.255.0 secondary".

Otherwise, create a loopback address and telnet into that and put the 1.1.3.1 secondary as well as remove the 1.1.2.1 address. Does this make sense to you?

korbenda11as · ‎03-20-2009

but is the loopback address which is known only through the ip address of 10.205.30.26 will also be unreachable once the ip address of the interface was removed?

Giuseppe Larosa · ‎03-19-2009

Hello Oliver,

a secondary ip address on a lan interface can fix this issue.

you still keep both the primary and secondary ip address.

to reach RA from another ip subnet a static route pointing to RB primary ip address can be used or a dynamic routing protocol like RIP or EIGRP to advertise the secondary ip address block

Hope to help

Giuseppe

rpfinneran · ‎03-21-2009

Here is a generic process I have used many times to change the IP address of a remote router without loosing access. This works really well.

========================

PROCEDURE

========================

REMOTE - Enable telnet and ssh on VTY lines.

REMOTE - Remove any access class on VTY.

REMOTE - Schedule a reload for 10 minutes (In case something goes wrong, will restore access)

REMOTE - Add second static default route pointing out interface (ensure Unicast Reverse Path Forwarding isnt enabled on outbound interface first)

REMOTE - Remove any crypto map if applied. (Connectivity Lost)

HUB - Remove any crypto map from HUB if applied. (Connectivity Restored)

REMOTE - Change interface IP address. (Connectivity Lost)

HUB - Change interface iP address or VLAN assignment. (Connectivity restored)

REMOTE - Remove old static default route.

REMOTE - Add new static default using next hop instead of interface.

REMOTE - Remove static default that used interface.

REMOTE - Re-enable Unicast RPF if it was applied.

REMOTE - Re-apply crypto if used (Connectivity Lost)

HUB - Re-apply crypto if used (Connectivity Restored)

REMOTE - Add access class back to VTY.

REMOTE - Cancel Reload

REMOTE - Save Configurations.

rpfinneran · ‎09-12-2018

I am still getting likes for the above, but this is actually a quite dated approach. A couple other options exist that are more viable:

1. Put all configuration changes you need to make into a text file on flash memory, just as if you were going to copy and paste them into the device. You can use TCL to write directly to flash memory as follows:

tclsh

puts [open flash:changes.txt w+] {
<insert changes here just as if you were typing into config mode>
}

tclquit

Then, when ready to execute, just copy from flash to running config as follows:

copy flash:changes.txt running-config

This will perform a merge of the changes in the text file with the existing running configuration. As always, I recommend scheduling a reload and removing VTY line ACLs and AAA as a safety precaution.

2. Similar to the above, the configuration changes can be put into an EEM script that is triggered with "event none", which means it must be manually run by the engineer. Then you just run the script. This is more useful in cases where you may need to make and revert changes regularly. For example, in an MPLS L3VPN environment, I have an EEM script that modifies BGP policy to route a given location to its alternate internet access point, and a second EEM script to revert those changes. I keep them on the device so that I can regularly execute re-routes for various testing scenarios (such as transparent cyber security systems at alternate egress locations, etc). Just do a little googling to get the syntax of the EEM script, but the most critical element is to disable command authorization for your script and to ensure you understand the cli for EEM needs to elevate (enable) and enter configuration mode (conf t) before you execute the commands you want to do (i.e. the first two lines of the EEM should include 'cli command "enable"' and 'cli command "config t"'). You'll get the hang of it quickly, just do some testing of your EEM before deploying (run CSR1000v in VirtualBox or something like that).