All IPs, AS numbers, OSPF areas, etc., have been sanitized for this post. None are currently in production.

- I have a subnet at a remote network that I need to extend from a /24 to a /23.
- We have two circuits at this site: a primary MPLS going to our Cisco router, and a secondary broadband going to a firewall for backup VPN tunnel.
- Networks are advertised on the router using BGP and OSPF

My plan was to:

1. Write mem on the router
2. Set reload in 10 just in case something happens
3. Change router interface gi0/0.1 from:
ip address 10.10.10.1 255.255.255.0
to ip address 10.10.10.1 255.255.254.0
4. Change mask on OSPF advertisement from 0.0.0.255 to 0.0.1.255
6. Change mask on BGP advertisement from 255.255.255.0 to 255.255.254.0
7. Move on to changing network settings on the firewall interface, switch management IPs, DHCP, etc.

Well, I got through steps 1 and 2 okay.

But as soon as I changed the ip subnet ((config)#ip address 10.10.10.1 255.255.254.0) on the Gi0/0.1 interface, I lost connectivity to the router, and after a few seconds our VPN backup tunnel activated. After the VPN came up, I could ping the router, but not SSH.

After 10 minutes the router reloaded and things went back to normal shortly thereafter.

So, I'm wondering where I went wrong?

- I am wondering if because I didn't change the OSPF and BGP advertisements first, this caused the VPN tunnel to come up, killed my connection to the router, and then I couldn't SSH into it because of some VPN rule on the firewall? Should I change the OSPF and BGP masks before I change the interface mask?

- Or if changing the mask on the Gi0/0.1 interface broke the routing in some other way? The router "LAN" interface is connected to the firewall. Maybe I should have changed the firewall interface first?

What is the recommended order of doing this? Google/YouTube makes it sound easy, but obviously I am missing something.

Thanks