Management VLAN migration advice

Unanswered Question
Jun 9th, 2010

Hey everyone,

Our current network is comprised of about 50 Cisco switches, all C2950s or C2960s, with a C6500 and C3750 stack at the core.

Because our network had components from another vendor, the previous network administrator decided to use VLAN 1 as the management VLAN. The IT supervisor here made mention of changing all the switches over to a different VLAN for security reasons. Is there an "easy way" to do this, or am I looking at creating a new VLAN and interface at the core and then connecting to each individual switch in order to create their VLAN interfaces and activate them, sweating the whole time because I just lost connectivity?

I also don't suppose there's any way to do this while not changing the subnets and IP addresses? (Otherwise I'd be looking at redoing all of my documentation and automated backup/monitoring services.)

I make sure that no ports on the switches are configured for VLAN 1 (typically 1 VLAN/subnet per switch/area and unused ports go to a dummy VLAN), so in reality, it only exists on the trunks which, being fiber optic, are a bit hard to splice into with no one noticing. Is it something I should really be concerned about?

francisco_1 Wed, 06/09/2010 - 03:58

For your core routing devices, you could use a loopback interface to manage those devices instead of a VLAN!

For your non-routing switches, you will need to have a VLAN in the VTP database (create a new dedicated VLAN for mgt) and an SVI for that VLAN for mgt connectivity. You could do it in stages.

Francisco.
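For the staged approach suggested above, the following sketch tracks which switches still carry their management address on VLAN 1 by reading backed-up running-configs. It is an added example, not part of the thread; the hostnames, addresses and management VLAN 99 are constructed assumptions.

```python
import re

# Constructed sample configs (not from the thread): one switch still managed
# on VLAN 1, one already moved to a hypothetical management VLAN 99.
SAMPLE_CONFIGS = {
    "sw-floor1": """\
interface Vlan1
 ip address 10.0.1.11 255.255.255.0
!
interface GigabitEthernet0/1
 switchport mode trunk
!
""",
    "sw-floor2": """\
interface Vlan1
 no ip address
 shutdown
!
interface Vlan99
 ip address 10.0.99.12 255.255.255.0
!
""",
}

def active_svis(config):
    """Return {vlan_id: ip} for every SVI that has an address and is not shut down."""
    svis = {}
    for m in re.finditer(r"^interface Vlan(\d+)\n((?:[ \t]+.*\n?)*)", config, re.M):
        vlan, body = int(m.group(1)), m.group(2)
        lines = [l.strip() for l in body.splitlines()]
        ip = next((l.split()[2] for l in lines if re.match(r"ip address \d", l)), None)
        if ip and "shutdown" not in lines:
            svis[vlan] = ip
    return svis

def migration_status(configs, old_vlan=1):
    """Map each switch to 'pending', 'migrated' or 'no-mgmt-svi'."""
    status = {}
    for name, cfg in configs.items():
        svis = active_svis(cfg)
        if old_vlan in svis:
            status[name] = "pending"      # still reachable on the old management VLAN
        elif svis:
            status[name] = "migrated"     # management address lives on another SVI
        else:
            status[name] = "no-mgmt-svi"  # nothing addressable: check before touching
    return status

if __name__ == "__main__":
    print(migration_status(SAMPLE_CONFIGS))
```

Running it against each night's config backups gives a list of switches still pending, so each stage can be verified before the next one starts.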
