Changing VLAN, but keeping same IP.

Unanswered Question
Jun 9th, 2009

Hi.

I have taken over a poorly designed network, all based on VLAN 1. I also have some very chatty servers, which I'd like to isolate. I know I cannot use private VLANs on VLAN 1, so will need to change to VLAN x and create private VLAN y.

I'm happy about creating the VLANs, but I will not be able to change IP addresses. Is it possible to change the IP from VLAN 1 to VLAN x remotely? A quick trial in my lab obviously disconnects me when I put in 'no ip address' in VLAN 1, and if I were to duplicate the IP address in VLAN x, it comes up with 'xx.xx.xx.xx overlap with Vlan 1'.

I will have to do any work out of hours, and physical access is out of the question during these times.

I do have CiscoWorks available, if it helps.

Thanks

John Blakley Tue, 06/09/2009 - 06:46

I've never done this, but if this is a layer 3 switch, you may be able to create another vlan for management only. Telnet into that vlan and then remove the address from your vlan 1 and configure everything through your management vlan.

HTH,

John

Bernard Steadman Tue, 06/09/2009 - 07:17

Hi John.

Thanks for your reply.

I have a mixture of 4006s, 3550s, 3750s, a 6509, but I also have a number of 3508s which are L2 only. If need be, I'd redo the 3508s manually during normal hours.

I ideally need to maintain the original IP address for various reasons.

As far as I can see, you are suggesting a new subnet for the management. Whilst I normally build this into new networks, I'm not able to for 'political' reasons with my (people) management.

Bernie

Jon Marshall Tue, 06/09/2009 - 07:38

Bernie

The extra vlan doesn't need to be permanent in terms of a management vlan. It just needs to be there long enough for you to log in to the switch on that vlan, shut down vlan 1 and then readdress the new vlan with vlan 1's existing IP address.

Then you still only have one vlan but with the correct IP address.

Jon

Jon Marshall Tue, 06/09/2009 - 06:46

Bernard

Are you referring to just changing the vlan 1 interface that is responsible for routing vlan 1?

What I mean is, how many switches do you need to update? If the switches are just L2, do they have a vlan 1 interface that is for management?

Also, how does the routing work when you access remotely?

Jon

nate-miller Tue, 06/09/2009 - 06:48

Can you add a separate 'management VLAN'?

I'm not sure how this switch is connected to the rest of your network. If it's a trunk, you'll need to make sure that both VLAN 1 and the new VLAN are allowed on the trunk. If it's not a trunk, you'd need to not only change the IP address on the VLAN, but change the "switchport access" statement simultaneously.

If you've got a lab, or are very confident in your configuration skills, you can draft a config and copy it to startup via TFTP. Reload the switch, and it should come up properly configured. (Make sure the new VLAN is in the database, you've got your uplink in the new VLAN, and the IP address is correct!)

A more tedious way to do it:

1. On remote switch, create temporary management L3 interfaces.
2. Issue "reload in 5" command on remote switch.
3. On remote switch, convert uplink to trunk with VLAN 1 and the temporary network.
4. On router/central switch, convert uplink to trunk with VLAN 1 and the temporary network on it.
5. Connect to remote switch via IP on temporary network.
6. Cancel the reload command.
7. Shut down VLAN 1.
8. Re-address on new VLAN.
9. Start removing trunk in reverse order, if necessary.

jim.johnson Tue, 06/09/2009 - 11:35

For L2-only switches: log into each switch and create the appropriate vlan(s) (i.e. vlan-database on old switches, conf t / vlan x on newer code). wr mem

Next, back up the configs from each switch. Use your favorite text editor to modify the IP address/mask/default gateway and vlan numbers for the management interfaces. Copy the new file to startup (i.e. copy tftp: startup), reload the switch. Keep in mind you must be careful to ensure all physical ports are assigned to the correct VLAN as well as the management interface.

For L3 switches, create a temporary vlan and interface, assign an IP to this interface and ensure you can ssh/telnet into it. Then you can adjust the interfaces while logged in. This is safer than the file method, but since you can have only 1 active L3 interface on most of the L2 switches, the file method may be your best option. Keep in mind you really need to be careful about the order in which you make changes to ensure you don't cut off your access to some or all of the switches.

regards,

j
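
A pre-flight check for the copy-to-startup method described in the two posts above, added here as an example and not code from any poster: it reads a drafted config and reports the mistakes that would leave the switch unreachable after the reload (new VLAN not in the database, management IP not on the new SVI, Vlan1 still addressed, uplink not carrying the new VLAN). The function names, the `vlan_db` argument (VLAN ids already created on the switch), the interface name and the 192.0.2.x addresses are assumptions made for the illustration, and the allowed-VLAN line is assumed to be a plain numeric list.

```python
import re

def parse_interfaces(config):
    """Map each interface name to the list of its indented sub-commands."""
    interfaces, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface (\S+)", line)
        if m or not line.startswith(" "):
            # A new top-level line starts an interface block or ends the last one.
            current = interfaces.setdefault(m.group(1), []) if m else None
        elif current is not None:
            current.append(line.strip())
    return interfaces

def value(cmds, prefix):
    """Return the text after `prefix` in the first matching sub-command, else None."""
    return next((c[len(prefix):].strip() for c in cmds if c.startswith(prefix)), None)

def preflight(config, new_vlan, mgmt_ip, uplink, vlan_db):
    """List the problems that would cut off remote management after the reload."""
    ifs, problems = parse_interfaces(config), []
    svi, up = ifs.get(f"Vlan{new_vlan}", []), ifs.get(uplink, [])
    if new_vlan not in vlan_db:  # vlan_db: VLAN ids already created on the switch
        problems.append("new VLAN missing from VLAN database")
    addr = (value(svi, "ip address ") or "").split()
    if addr[:1] != [mgmt_ip] or "shutdown" in svi:
        problems.append("new SVI lacks the management IP or is shut down")
    if value(ifs.get("Vlan1", []), "ip address "):
        problems.append("Vlan1 still holds an address")
    if "switchport mode trunk" in up:
        allowed = value(up, "switchport trunk allowed vlan ")  # absent = all VLANs
        ok = allowed is None or any(
            int(lo) <= new_vlan <= int(hi or lo)
            for lo, _, hi in (p.partition("-") for p in allowed.split(",")))
    else:  # access port: VLAN 1 unless stated otherwise
        ok = (value(up, "switchport access vlan ") or "1") == str(new_vlan)
    if not ok:
        problems.append("uplink does not carry the new VLAN")
    return problems

# Constructed sample: a drafted startup-config for an L2 switch moving to VLAN 10.
DRAFT = """interface Vlan1
 no ip address
 shutdown
interface Vlan10
 ip address 192.0.2.20 255.255.255.0
interface GigabitEthernet0/1
 switchport mode trunk
 switchport trunk allowed vlan 1,10
"""
```

Run `preflight(DRAFT, 10, "192.0.2.20", "GigabitEthernet0/1", {1, 10})` against each edited file before copying it to startup; an empty list means none of these four lockout conditions was found.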

Bernard Steadman Wed, 06/10/2009 - 04:08

Thank you all for your responses.

I will go down the temporary vlan with a temporary IP and reallocate onto a new permanent vlan for the L3 switches and copy config to startup for the L2 and reload.

Quite a simple solution now you think about it. :-)

Thanks again.

Bernie
