Re: Changing default VLAN used for MGMT to a different VLAN

John N · ‎03-20-2024

I have 8 Cisco 3850s that I need to change the default VLAN 1 (where the IP and mgmt reside) to another VLAN. I did this on a dummy switch and as soon as I delete VLAN 1 IP info I lost all connectivity. My question is if I create another VLAN and move over the IP from VLAN 1 default to a newly created VLA will it cause a duplicate error?

Reza Sharifi · ‎03-20-2024

My question is if I create another VLAN and move over the IP from VLAN 1 default to a newly created VLA will it cause a duplicate error?

For you to move over the IP to the new SVI, you would have to first delete it from the default vlan-1 and that will cause you to lose connectivity to the switch.

The easiest way is to console to the switch and make the change. If not you would need a second SVI with a new IP segment, log in using the new IP, and then move over the IP from vlan-1. Once all is done delete the SVI you created.

HTH

John N · ‎03-20-2024

Thanks. The first time I try to do it I did SSH in and that's where I lost connectivity. So, your saying create an SVI within the same subnet as the IP (for instance if the last 2 octets are currently 0.1 I should create 0.2)? If connectivity is fine on the SVI then should I delete the old IP from VLAN 1 and change the regular IP of the switch to the SVI?

Richard Burts · ‎03-20-2024

The OP tells us there are 8 switches where they want to move the management subnet to a different vlan. There are several things that we do not know that might impact on our advice:

- are these 3850 switches operating as layer 2 or as layer 3? If operating as layer 3 it would be pretty easy to access the switch using an IP on some vlan other than vlan 1, and then move the IP from vlan 1 to some other vlan interface. But my guess is that the switches are layer 2 which makes it a bit more complicated.

- does the OP need to keep the management address/subnet the same but just on a different vlan, or is it possible to use a different subnet for management purposes? It would be pretty easy if it could be a different IP/subnet. But my guess is that is should be the same IP/subnet just in a different vlan.

I agree with Reza that the easy way to do this would be to use a console connection. This would allow the OP to easily create a new vlan, remove the IP from vlan 1, and configure that IP on the new vlan interface. But if that is not feasible then I suggest using this approach:

- make sure that a machine that can function as a tftp/ftp server does have IP access to the switch to be changed.

- on the tftp/ftp machine create a text file that has the necessary commands to create the new vlan (if needed), create the SVI for the new vlan, remove the IP from vlan 1, assign the IP to the new SVI.

- access the switch to be changed and do these steps:

+ schedule a reload (reload in 10)

+ tftp/ftp the changes to running config on the switch

+ if the changes were correct and successful you should have or be able to reestablish connectivity to the switch and cancel the reload.

+ if the changes were not correct or not successful then you will have lost connectivity until the reload occurs at which point you are back at square one and can try again.

HTH

Rick

Ruben Cocheno · ‎03-20-2024

@John N

Create the new VLAN across all switches, assuming that you looking to use SVI across your L2 switches instead of using the OOB connected back to the Core.

Once you have the new VLAN, and L3 on the Core, start moving the Default Gateway of those L2 Switches

If you don't want to move to a new subnet, you must use a temporary VRF to move all L2 switches, shutdown the old VLAN and bring the new VLAN out of the VRF.

Tag me to follow up.
Please mark it as Helpful and/or Solution Accepted if that is the case. Thanks for making Engineering easy again.
Connect with me for more on Linkedin https://www.linkedin.com/in/rubencocheno/