Solved: Changing managment Vlan, maintaning IP

eyazhuk · ‎05-29-2019

Hi, colleagues.

I have a task of changing managment Vlan for all devices in the network.

It's rather simple with L3 devices, but some kind of puzzle with access switches, which are 2960 in my company.

Catch is: i have to maitain the IPs, but move it to another interface remotely (via ssh).

So, I can't just do something like

Interface Vlan1
no ip-address
Interface Vlan2
ip address ***

cause I will loose connectivity on removing address from Vlan1.

Only possibility I see is - making some temprorary interface with temrorary address, than connect to it, move main address, and remove all temp stuff. But it'll take a bunch of time in case of 100+ devices.

It there another way to solve this? Some delayed config load, which will make it possible to load several commands at once, or some "move ip" possibilty?

Seb Rupik · ‎05-29-2019

The play would be something like this:

copy running tftp://10.10.10.1/device001.cfg

Now on the server (10.10.10.1) edit the file device001.cfg with the changes you want....remove VLAN1 SVI, create VLAN2 SVI and add IP address (also add the VLAN to the DB and make sure you are trunking it to where it need to go!)

Copy the edited config back to the switch:

copy tftp://10.10.10.1/device001.cfg startup

Now, ensure the system clock is correct and schedule a reload out of hours:

reload at 23:00

cheers,

Seb.

View solution in original post

Seb Rupik · ‎05-29-2019

Hi there,

I'd suggest using an EEM script:

event manager applet re-ip-interface
  event none
  action 0.1 cli command "enable"
  action 0.2 cli command "conf t"
  action 0.3 cli command "int vlan1"
  action 0.4 cli command "no ip address"
  action 0.5 cli command "int vlan2"
  action 0.6 cli command "ip address 192.168.0.254 255.255.255.0"

Then from the CLI you run it with: event manager run re-ip-interface

Cheers,

Seb.

eyazhuk · ‎05-29-2019

Thanks, Seb!
EEM seems very useful, and I'll definitely use it in some other cases.
But unfortunately 2960 doesn't support it.

Seb Rupik · ‎05-29-2019

Are you allowed to reload the switches? You could backup the configs, edit them with the VLAN IP change, copy them back to startup-config and then perform a scheduled reload.

eyazhuk · ‎05-29-2019

Yeah, scheduled reload is ok.
But I just dont' get the way to do what you say.
Could you explain a bit? Backuping via "archive"?

Seb Rupik · ‎05-29-2019

The play would be something like this:

copy running tftp://10.10.10.1/device001.cfg

Now on the server (10.10.10.1) edit the file device001.cfg with the changes you want....remove VLAN1 SVI, create VLAN2 SVI and add IP address (also add the VLAN to the DB and make sure you are trunking it to where it need to go!)

Copy the edited config back to the switch:

copy tftp://10.10.10.1/device001.cfg startup

Now, ensure the system clock is correct and schedule a reload out of hours:

reload at 23:00

cheers,

Seb.

eyazhuk · ‎05-29-2019

Thanks! Not so easy, as I hoped, but it'l work.
Maybe I'll try to combine this method witch some scypting as omc79 suggested.

Giuseppe Larosa · ‎05-29-2019

Hello eyazhuk,

in order to perform a smooth migration you can do the following:

You can join the old Vlan and the new Vlan using two access-ports with spanning-tree bpdu-filter enable

This way you create a single broadcast domain.

In this way you can move one switch at time while keeping connectivity to all switches both in new Vlan and in old vlan.

Hope to help

Giuseppe

eyazhuk · ‎05-29-2019

Hi, Giuseppe.
Thanks for answer, idea is interesting, but I have to do this remotely.
So connecting any ports wont work.
‎

omz · ‎05-29-2019

Hi

Cannot see any "delayed config load" or "move ip" sort of features.. they do sound nice though :)

I think .. configuring a temp IP and removing the temp IP later might be the only way to go.

I agree .. it would tedious to do on 100+ devices. Perhaps you can script it?

eyazhuk · ‎05-29-2019

Yeah, maybe it's time for me to study some python at last :)

omz · ‎05-29-2019

Looks like learning Python has been postponed .. :)

omz · ‎05-29-2019

Hello again ..

I wrote a script to disable a feature on 800+ switches. May be you can use it .. ?

Script requires a text file in c:\ with all the IP addresses to connect.

#!/usr/bin/env python

# Author: Omer
# Date: 2019-05-29

import getpass
import netmiko
import paramiko
from datetime import datetime

def main():
	ssh_username = raw_input("SSH Username: ")
	ssh_password = getpass.getpass('SSH Password: ')

    start = datetime.now()
    total = 0
    with open("c:\ip-addresses.txt", "r") as devices:
        print 
        for device in devices:
            try:
                device = device.rstrip()
                ssh_session = netmiko.ConnectHandler(device_type='cisco_ios', ip=device, username=ssh_username, password=ssh_password, use_keys=False, allow_agent=False, auth_timeout=30, timeout=10)
                print("+++++ Connected to {0} +++++".format(device))
                output = ssh_session.send_command("conf t", expect_string=r'#')
		output += ssh_session.send_command("int vlan 2", expect_string=r'#')
		output += ssh_session.send_command("ip add 1.1.1.1 255.255.255.0", expect_string=r'#')
				
                print(output)
                
                command = "do wr me"
                
                print(ssh_session.find_prompt())
                output = ssh_session.send_command_timing(command)
		     
                if "confirm" in output:
                    output += ssh_session.send_command_timing("y", strip_prompt=False, strip_command=False)
                
                print(output)
                ssh_session.disconnect()
                total += 1
            except paramiko.SSHException as e:
                print('[ERROR] {}'.format(e))
                continue
                total += 1
        
    end = datetime.now()
    print
    print "Execution time: {} for {} devices.".format(end - start, total)

    
if __name__ == "__main__":
    main()

If you need any help with running it .. give us a shout.

Seb Rupik · ‎05-29-2019

Nice script, but in this scenario it will fail once the IP address is removed from VLAN1 as the send_command method will timeout.

cheers,

Seb.

omz · ‎05-29-2019

Cheers.. the script is only configuring the another IP .. not removing the initial one.

Will need to run it again with "no" commands.