Solved: 1 VLANs needs to be Transformed into 3 VLANs

Mohammed Yaseen Ansari · ‎11-13-2012

Hi,

In my network I have many PCs, Servers, Firewalls in VLAN 1 subnet (we have all Public IPs for all devices including PCs), but unfortunately these IPs don't belongs to my organization and wanted to move these IPs to our owned IPs. I'm migrating this default VLAN into standard and separate VLANs like for PCs/Cameras/Printers - VLAN 30, Servers - VLAN 50, PBX in VLAN 60.

PCs are assigned with DHPC Pool.

PCs will be migrated first.

What are the precautions I need to take and what will be the technical points have to review or take into mind during or before implementation of new VLANs creation and removing of default VLAN 1.

Thanks...

Yaseen

Rick Morris · ‎11-13-2012

With your set-up you can run in a parallel environment.

1. Create the new SVI's for your own IP block.

2. Verify connectivity end to end to make sure you can get to the network resources.

3. Plug in computer to a switchport and configure one switchport for the new vlan. and test

From a DHCP standpoint you will need a new DHCP scope either via DHCP server or configured on router/switch and you may need ip helper statements to point to the new server for DHCP

You can also have interfaces with secondary IP's that can help with the migration too if you do not have enough interfaces.

View solution in original post

Rick Morris · ‎11-14-2012

The short answer to your question is yes, as long as you have intervlan routing configured on a layer 3 device and no ACL blocking access you should be fine. Something needs to be running layer 3 for it to work. If you have all SVI's configured on a core router/switch and trunk all the VLAN's to the switch downstream where the PC's are connected then the routing of the traffic will flow from the downstream switch across the trunk to the core and then to the server. Again, prior to any migration I would configure and place a laptop on the downstream switch, configure an interface with the new VLAN and test end to end. Make sure that the vlan's are defined and if you trunk that the vlans are allowed across the trunk.

View solution in original post

Reza Sharifi · ‎11-13-2012

Hi,

You can create all your layer-2 vlans, SVIs, helper address, etc... ahead of time on all your switches. Then have an outage window to move the physical ports from vlan 1 to the new vlan.

You can use the interface range command if you are moving a lots ports:

example:

interface range gi2/0/1 - 24

switchport access vlan xx

HTH

Rick Morris · ‎11-13-2012

With your set-up you can run in a parallel environment.

1. Create the new SVI's for your own IP block.

2. Verify connectivity end to end to make sure you can get to the network resources.

3. Plug in computer to a switchport and configure one switchport for the new vlan. and test

From a DHCP standpoint you will need a new DHCP scope either via DHCP server or configured on router/switch and you may need ip helper statements to point to the new server for DHCP

You can also have interfaces with secondary IP's that can help with the migration too if you do not have enough interfaces.

Mohammed Yaseen Ansari · ‎11-14-2012

Thanks Rick...

One more query, We will be having phase by phase implementation i.e. PCs/Printers/Cameras will be migrated first into their respective VLAN i.e. VLAN 30.Later on Servers and PBX will be migrated.

Presently PCs are getting various access like Sharefolder, Intranetwork etc. through Servers authentication.

So my qeustion if I change the PCs IP from old to new one will it (Pc) be getting all the services since migration of Servers will be on later stage...

Rick Morris · ‎11-14-2012

The short answer to your question is yes, as long as you have intervlan routing configured on a layer 3 device and no ACL blocking access you should be fine. Something needs to be running layer 3 for it to work. If you have all SVI's configured on a core router/switch and trunk all the VLAN's to the switch downstream where the PC's are connected then the routing of the traffic will flow from the downstream switch across the trunk to the core and then to the server. Again, prior to any migration I would configure and place a laptop on the downstream switch, configure an interface with the new VLAN and test end to end. Make sure that the vlan's are defined and if you trunk that the vlans are allowed across the trunk.