Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2026
Views
15
Helpful
9
Replies

Changing Vlan of a running network

Go to solution
rajesharihant
Level 1
Level 1

‎09-20-2020 04:33 AM

Dear Experts, 

 

I have a network, which is spread across multiple areas, all connected to a central location. 

Individual area have their dedicated L2 Switch and connected to the central L2 Switch. Making all nodes accessible from central location. 

All network switches/nodes are configured in default Vlan1. 

 

Is there a way, where I can change this Vlan1 to Vlan50 - without loosing the connectivity?

 

Or how to accomplish this with least impact on the connectivity?

 

Regards,

 

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Richard Burts
Hall of Fame
Hall of Fame
In response to rajesharihant

‎09-21-2020 06:23 PM

Rajesh

 

Thanks for the additional information, which is helpful. If it continues to be a single flat network, and continues to have a single IP subnet/network, and if all devices in the network are manually configured, and if all ports are access ports with no trunk ports, and if the switches do support the range command then I believe that my suggestions should work. 

 

As you use the range command to change all of the access ports on a switch, it is possible that the ports will do a reset and then re-activate. So there might be a slight interruption in service. But I believe it would be so quick that users are not likely to notice.  I would suggest changing each of the remote switches before you change the central switch.

 

We should address the vlan interface for vlan 1. You probably should create a vlan interface for vlan 50 and transfer the IP address from interface vlan 1 to interface vlan 50.  Since this IP address is for management purposes on the switch changing it should not have any impact on user traffic being forwarded by the switch.

 

You do ask an interesting question about the effect of configuring vlan 50 on a remote switch when the central switch has no vlan 50. I had tried to address this before but apparently was not very clear. So let me try again. Whether an Ethernet frame is associated with vlan 1 or with vlan 50 makes a difference in only 2 circumstances:

1) if a switch has some ports assigned to vlan 1 and some other ports assigned to vlan 50. In that case an Ethernet frame received on a vlan 1 port can be forwarded only to another port in vlan 1 and can not be forwarded to a port in vlan 50. (and similarly an Ethernet frame received on a vlan 50 port can be forwarded to a vlan 50 port but not to a vlan 1 port). This is the reason that using the range command is  important - we need to change all the ports at the same time.

2) if a switch has a trunk port then Ethernet frames sent over the trunk will have vlan membership information carried in the vlan tag so that the receiving switch can know which vlan the frame can be forwarded to. 

But your environment has neither of these conditions.

 

So let us think about how it will work if you have converted a remote switch (switchR) from vlan 1 to vlan 50 and have not converted the central switch (switchC) so it has only vlan 1. So some device on switchR sends an Ethernet frame which needs to be forwarded to the central switch. switchR says here is a frame in vlan 50 and I am sending it out the access port connecting to switchC. switchC receives the frame on an interface in vlan1 and says here is a frame in vlan 1, so where do I need to forward it. switchR is only aware of vlan 50 and switchC is only aware of vlan 1 and traffic will flow between them with no problem (and no recognition that the vlan changed).

HTH

Rick

View solution in original post

0 Helpful
9 Replies 9

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎09-20-2020 04:43 AM - edited ‎09-20-2020 04:45 AM

The short answer NO - without small outage of the network. But you can Build VLAN 50 and migrate them is an alternative option.

make changes in Big way may cause different side effects and instability of nework, keeping 1 broadcast domain of L2 is not good.

 

 

1. how is your IP address schema for these networks?

2. each remote location has a different range?

3. Now you get the opportunity to make them a good way.

 

here is a suggestion.

 

1. Make different VLANs in each remote location.

2. Move the Subnet in to that VLAN, make changes related to that remote office

3. based on learning lessons move to other location is the safe approach.

 

another big bang approach is - with network convergence downtime.

 

Populate VLAN 50 other switches, shutdown VLAN1 in central and bring VLAN 50, make necessary changes at access port vlan 1 to vlan 50 - is this works? but make sure you take enough precautions.

 

 

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Go to solution
Richard Burts
Hall of Fame
Hall of Fame
In response to balaji.bandi

‎09-20-2020 11:05 AM - edited ‎09-20-2020 11:06 AM

The original post tells us that this is a very flat network. Multiple areas with multiple L2 switches connecting to a core L2 switch and everything is in vlan 1. The question is "Is there a way, where I can change this Vlan1 to Vlan50 - without loosing the connectivity?". 

 

@balaji.bandi makes what I think is a very good suggestion that this is an opportunity to make the network not flat, but to have per area vlans. I agree that this would seem to be a good thing to do. But that does not address the original question.

 

There are some things that we do not know about the network and they might impact answers that we might give:

- what is the IP addressing plan. It seems likely that it is one single subnet/network. But it would be good to know this.

- how do devices in the network get their IP address? is it manually configured? Or is there DHCP in the network?

- are all the ports on the L2 switches access ports? And are all the switch to switch to switch connection access ports and not trunks?

- do the L2 switches support the range option in configuring interfaces?

 

Depending on answers to those questions I believe that, in fact, there is a way to change from vlan 1 to vlan 50 without losing connectivity. The key to this solution is to recognize that the standard Ethernet frame does not contain information about vlans. So if all the ports in switchA are in vlan 50 and all the ports in switchB are in vlan 1, and the connection between switchA and switchB is an access port then we have a single broadcast domain and any port in switchA can communicate with a port in switchB with no problem (because receiving a frame from the neighbor does not indicate what vlan it belonged to). 

 

So my suggestion for a solution is this:

- on each L2 switch configure vlan 50

- on a switch at a time use the interface range command to assign all of the ports on the switch to vlan 50.

The result of this would be a network that is still very flat and where all of the ports belong to vlan 50.

HTH

Rick

Go to solution
rajesharihant
Level 1
Level 1
In response to Richard Burts

‎09-20-2020 09:00 PM

HelloRichard, 

 

your questions are valid. 

- what is the IP addressing plan. It seems likely that it is one single subnet/network. But it would be good to know this. - Yes They are. 

- how do devices in the network get their IP address? is it manually configured? Or is there DHCP in the network? - No DHCP. Manual-Static.

- are all the ports on the L2 switches access ports? And are all the switch to switch to switch connection access ports and not trunks? - They are all Access. as they all belong to Vlan1 with single subnet mask-there is no trunk between switch to switch. 

- do the L2 switches support the range option in configuring interfaces? - Its 2960, so yes they do. 

 

Default Vlan1 is configured with IP address, and all ports belongs to this. the network/switch doenst have any other vlan. 

 

If I take a remote switch. 

1st configure Vlan50 - assign IP to the vlan with one of the address which belongs to the same network. 

2nd run the range command to transfer all ports to Vlan50 

Would it still continue to connect with the central switch which has no Vlan50 but only vlan1. 

 

appreciate your support - as you elaborate is seems its possible perhaps. 

 

Regards,

Rajesh

 

 

0 Helpful

Go to solution
Richard Burts
Hall of Fame
Hall of Fame
In response to rajesharihant

‎09-21-2020 06:23 PM

Rajesh

 

Thanks for the additional information, which is helpful. If it continues to be a single flat network, and continues to have a single IP subnet/network, and if all devices in the network are manually configured, and if all ports are access ports with no trunk ports, and if the switches do support the range command then I believe that my suggestions should work. 

 

As you use the range command to change all of the access ports on a switch, it is possible that the ports will do a reset and then re-activate. So there might be a slight interruption in service. But I believe it would be so quick that users are not likely to notice.  I would suggest changing each of the remote switches before you change the central switch.

 

We should address the vlan interface for vlan 1. You probably should create a vlan interface for vlan 50 and transfer the IP address from interface vlan 1 to interface vlan 50.  Since this IP address is for management purposes on the switch changing it should not have any impact on user traffic being forwarded by the switch.

 

You do ask an interesting question about the effect of configuring vlan 50 on a remote switch when the central switch has no vlan 50. I had tried to address this before but apparently was not very clear. So let me try again. Whether an Ethernet frame is associated with vlan 1 or with vlan 50 makes a difference in only 2 circumstances:

1) if a switch has some ports assigned to vlan 1 and some other ports assigned to vlan 50. In that case an Ethernet frame received on a vlan 1 port can be forwarded only to another port in vlan 1 and can not be forwarded to a port in vlan 50. (and similarly an Ethernet frame received on a vlan 50 port can be forwarded to a vlan 50 port but not to a vlan 1 port). This is the reason that using the range command is  important - we need to change all the ports at the same time.

2) if a switch has a trunk port then Ethernet frames sent over the trunk will have vlan membership information carried in the vlan tag so that the receiving switch can know which vlan the frame can be forwarded to. 

But your environment has neither of these conditions.

 

So let us think about how it will work if you have converted a remote switch (switchR) from vlan 1 to vlan 50 and have not converted the central switch (switchC) so it has only vlan 1. So some device on switchR sends an Ethernet frame which needs to be forwarded to the central switch. switchR says here is a frame in vlan 50 and I am sending it out the access port connecting to switchC. switchC receives the frame on an interface in vlan1 and says here is a frame in vlan 1, so where do I need to forward it. switchR is only aware of vlan 50 and switchC is only aware of vlan 1 and traffic will flow between them with no problem (and no recognition that the vlan changed).

HTH

Rick
0 Helpful

Go to solution
rajesharihant
Level 1
Level 1
In response to Richard Burts

‎09-21-2020 09:15 PM

Dear Rick, 

 

What a detailed explanation! Many Thanks for your time and support and sharing your knowledge/experience. 

I will try this solution no one of the least important remote switch and shall update you the results-as a feedback. 

 

Regards...

0 Helpful

Go to solution
Richard Burts
Hall of Fame
Hall of Fame
In response to rajesharihant

‎09-22-2020 11:04 AM

Rajesh

 

You are very welcome. Please do let us know about the results as you test and implement my suggestions. I am glad that my explanations and suggestions have been helpful. Thank you for marking this question as solved. This will help other participants in the community to identify discussions which have helpful information. This community is an excellent place to ask questions and to learn about networking. I hope to see you continue to be active in the community.

HTH

Rick
0 Helpful

Go to solution
rajesharihant
Level 1
Level 1
In response to balaji.bandi

‎09-20-2020 09:02 PM

Dear Balaji, 

 

Thanks for your reply. 

1. how is your IP address schema for these networks? - Just one subnet mask for all switch/all nodes. 

2. each remote location has a different range? - No.

3. Now you get the opportunity to make them a good way. - We prefer not to - Just to change the Vlan to other then 1 is the goal. 

 

It would be really helpful, if you can advice on a suggestion that may work without any loss of connectivity. 

 

Regards,

Rajesh.

 

0 Helpful

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎09-21-2020 01:18 AM - edited ‎09-21-2020 01:19 AM

If there is no other option you have, business decided to change only VLAN 1 to VLAN 50

 

1. Create a  VLAN 50 on all switches (if this is not VTP environment)

2. Allow  VLAN 50 in all Trunk (if you configured allowed VLAN list in Trunk) - if not only configured as trunk, then all VLAN allowed, but worth checking.

3. On Core Switch where VLAN SVI resides, Create a VLAN 50 SVI interface shutdown mode with IP addres of same VLAN 1

4. On the Access Switch ( of other locations)  One thing we are not clear, how your Manangment Switch config, what IP address you manage ?  - This is tricky part If your Management VLAN also vlan 1, (Do you have physical access to these other location switches ? how far ?) you can console to change vlan 1 to vlan 50 Manangment interface where required. - in case if you change lost access ?

5. you may have script ready for all the switch with range command to change from Vlan1 to Vlan 50- change VLAN iconfig and VLAN interface config - test and advise.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Go to solution
rajesharihant
Level 1
Level 1
In response to balaji.bandi

‎09-21-2020 09:16 PM

Dear Balaji, 

 

Many Thanks for your support and sharing your experience/knowledge. 

I will give your feedback, based on my progress.

 

Regards.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents