Solved: Changing management vlan on 3750 switch

John Blakley · ‎11-04-2008

All,

My 3750 switch has about 5 subnets on it, and they are all in VLAN 1. I'm in the process of moving devices to different vlans, but it's not even going to get started good until after January. (It's our busy season.)

Is there a quick way that I can change my management vlan? Should I just create another VLAN and assign an SVI to it? Is there something else that should be done? I can't have any downtime, so whatever can be done during the day would be excellent.

Thanks!

John

HTH, John *** Please rate all useful posts ***

Giuseppe Larosa · ‎11-04-2008

Hello John,

in some cases of broadcast storm you can only access the switches via console and you may need to unplug a cable to break the loop as soon as possible.

From the point of view of accessing via telnet /ssh the switch you need an intermediate device and a packet originated in the same vlan and one originated in another vlan have the same chances to be received in the troubled vlan broadcast domain.

If the intermediate device has a valid ARP entry there is no real advantage on being on the same vlan as the TCP/IP stack of the switch.

Being behind a router or a firewall could even be an advantage because your workstations will not suffer the broadcast storm.

For example we have two NOCs, two NOC subnets and we can access devices in multiple sites only from these subnets.

Some provider implement an out of band management internetwork that is not on the path of user traffic but this is expensive.

Hope to help

Giuseppe

View solution in original post

Giuseppe Larosa · ‎11-04-2008

Hello John,

if you can add a new IP subnet and a new Vlan you can:

example : vlan 55

create the vlan 55 at layer2

configure the associated SVI

the best choice would be to configure a VIP default gateway using two VLan subinterfaces (if you have two routers/multilayer switches at distribution level).

the router(s) have to advertise the new subnet.

then you add an SVI or routed interface in all devices that you want to manage in vlan 55.

Hope to help

Giuseppe

John Blakley · ‎11-04-2008

I've got other SVIs on this switch. I'm only concerned about moving the management vlan because we've been known to have broadcast storms in the past (reason I'm creating multiple vlans). If we have a broadcast storm, I'd want to be able to get in on the switch through a different vlan. Would remoting into the switch on a different vlan meet the same goal if a storm were to happen?

Thanks!

John

HTH, John *** Please rate all useful posts ***

Giuseppe Larosa · ‎11-04-2008

Hello John,

in some cases of broadcast storm you can only access the switches via console and you may need to unplug a cable to break the loop as soon as possible.

From the point of view of accessing via telnet /ssh the switch you need an intermediate device and a packet originated in the same vlan and one originated in another vlan have the same chances to be received in the troubled vlan broadcast domain.

If the intermediate device has a valid ARP entry there is no real advantage on being on the same vlan as the TCP/IP stack of the switch.

Being behind a router or a firewall could even be an advantage because your workstations will not suffer the broadcast storm.

For example we have two NOCs, two NOC subnets and we can access devices in multiple sites only from these subnets.

Some provider implement an out of band management internetwork that is not on the path of user traffic but this is expensive.

Hope to help

Giuseppe