Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Community Member

What's the easiest way to create a new VLAN and then move all existing devices to it?

One of our locations was implemented using VLAN1 as the main (native) VLAN. My goal is to create a new sub-interface on the router and then move all the existing switches (all Layer 2) into the new VLAN, without disrupting the network (and remotely). I am trying to determine the best way to proceed. Thanks.

VIP Super Bronze

Make sure you are not using

Make sure you are not using vlan 1 to get to the switches if you want to do this remotely.  Once in create a new vlan on all switches that need to have it. example:

config t

vlan 3

name new-data-vlan


 Add vlan 3 to all trunks, create the sub-interface, with IP, dot1q, etc.. and finally add the access ports to the new vlan.  By defaults all ports are in vlan 1 so if you want to add an interlace to vlan 3, all you have to do is add

"switchport access vlan 3"

to the interfaces


Community Member

Thank you for your answer. At

Thank you for your answer. At the beginning, you said 'make sure you aren't using vlan1 to get to the swiches.' Unfortunately, I am using vlan1 to get to the switches. That's the reason for this post (sorry if I wasn't clear). I am trying to find a way to create a new vlan and then bridge it with the only one temporarily (or whatever needs done), to be able to swap them to the new vlan before I remove/shutdown vlan1.

VIP Super Bronze

If you can, put the PC/laptop

If you can, put the PC/laptop in a different vlan (vlan2) login to devices and make the changes from vlan 1 to vlan x.  This way, you don't have to worry about loosing your session with vlan 1.



Community Member

I wanted to shed a little

I wanted to shed a little more light on the situation. The "new" VLAN has actually been in existence since the network was initially setup. The network runs VTP and the new VLAN already has an interface on the router and already shows up on all the switches when you do a "sh vlan" command. We have about 10 VLANs in all. In reality, I am simply trying to migrate about 8 switches from VLAN1 (which they never should have been on) to the new VLAN. I know that I need to create an interface for the new VLAN on each of the switches and then swap the management IP to that interface. If I could connectly directly into each switch via the console port, this would be a simple task. However, the switches are in extremely remote locations with special circumstances, thus I have no physical access to them. This fact has me a little reluctant to making the changes, as we can't afford any mistakes that would potentially cause network downtime. I am looking for some guidance on exactly the steps to take to achieve my goal. Let's call the new vlan, VLAN2. During testing, I logged into a local switch that was on VLAN1 (that's where it had it's management address). It did have VLAN2-VLAN10 as well, via VTP. I created an interface for VLAN3 on the switch and then accessed it via VLAN3 to swap the main management interface from VLAN1 to VLAN2. The changes took, but I couldn't access it via VLAN2. I am assuming this is because the router still has VLAN1 listed as the native vlan and the VLAN2 IP address is still assigned to VLAN1 on the router. What would be the best way for me to make the required changes on the 8 switches that need swapped, without losing remote access? It wouldn't hurt if the network went down for 5 minutes or less, but we can't have a big outage. Thanks.

Community Member

I guess that I could copy the

I guess that I could copy the current config to a tftp server, make the required changes, and then tftp it back to the startup-config. I could do that for each of the 8 switches and then reboot them all at once. The router shouldn't need to be rebooted...


   correct that might be the

   correct that might be the easiest way.  Modify the file and substitute the new vlan for vlan 1 on the routers link , checking to make sure the native vlans and all other parameters match up .  Make sure the default gateway command on the switch is also changed to reflect the new address  and the new vlan is allowed on the trunk if you aren't allowing everything.  Obviously you don't want to do them all at once , try one and make sure everything goes as planned before going on to the next one.

Community Member

I finally got this project

I finally got this project done. The biggest issue that I ran into was a few of the switches weren't trunked on the ports that connected them to each other. Thanks to everyone for their input and suggestions.

CreatePlease to create content