Beginner

Changing management VLAN, maintaining IP

Hi, colleagues.

 

I have a task of changing management VLAN for all devices in the network.

It's rather simple with L3 devices, but some kind of puzzle with access switches, which are 2960 in my company.

Catch is: I have to maintain the IPs, but move them to another interface remotely (via ssh).

So, I can't just do something like

Interface Vlan1
no ip address
Interface Vlan2
ip address ***

because I will lose connectivity on removing the address from Vlan1.

Only possibility I see is making some temporary interface with a temporary address, then connecting to it, moving the main address, and removing all the temp stuff. But it'll take a bunch of time in the case of 100+ devices.

Is there another way to solve this? Some delayed config load, which will make it possible to load several commands at once, or some "move ip" possibility?

VIP Advisor

Hi there,

I'd suggest using an EEM script:

event manager applet re-ip-interface
 event none
 action 0.1 cli command "enable"
 action 0.2 cli command "conf t"
 action 0.3 cli command "int vlan1"
 action 0.4 cli command "no ip address"
 action 0.5 cli command "int vlan2"
 action 0.6 cli command "ip address 192.168.0.254 255.255.255.0"

Then from the CLI you run it with: event manager run re-ip-interface

 

Cheers,

Seb.


Thanks, Seb!
EEM seems very useful, and I'll definitely use it in some other cases.
But unfortunately 2960 doesn't support it.

Are you allowed to reload the switches? You could back up the configs, edit them with the VLAN IP change, copy them back to startup-config and then perform a scheduled reload.


Yeah, scheduled reload is ok.
But I just don't get the way to do what you say.
Could you explain a bit? Backing up via "archive"?
Accepted solution

The play would be something like this:

 

copy running tftp://10.10.10.1/device001.cfg

 

Now on the server (10.10.10.1) edit the file device001.cfg with the changes you want: remove VLAN1 SVI, create VLAN2 SVI and add IP address (also add the VLAN to the DB and make sure you are trunking it to where it needs to go!)

 

Copy the edited config back to the switch:

 

copy tftp://10.10.10.1/device001.cfg startup

 

Now, ensure the system clock is correct and schedule a reload out of hours:

 

reload at 23:00

 

 

cheers,

Seb.
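
The edit step from this answer, as an added example (not code from the thread): a Python function that rewrites a saved config so the address moves from `interface Vlan1` to `interface Vlan2`, and warns about trunks whose allowed list omits the new VLAN. The sample config, the function names and the choice to shut down the old SVI are assumptions.

```python
import re
# Constructed sample of a saved 2960 config (not taken from the thread).
SAMPLE_CFG = """\
hostname device001
!
interface GigabitEthernet0/1
 switchport trunk allowed vlan 1,10-20
 switchport mode trunk
!
interface Vlan1
 ip address 192.168.0.254 255.255.255.0
!
interface Vlan2
 no ip address
 shutdown
!
ip default-gateway 192.168.0.1
end
"""

def vlan_allowed(spec, vlan):
    """True if vlan is inside an IOS list such as '1,10-20'."""
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        if int(lo) <= vlan <= int(hi or lo):
            return True
    return False

def move_mgmt_svi(cfg, old=1, new=2):
    """Move the SVI address from Vlan<old> to Vlan<new>; return (config, warnings).
    Assumption: the old SVI is shut down and any existing Vlan<new> stanza is rebuilt."""
    m = re.search(rf"(?m)^interface Vlan{old}\n(?: .*\n)*? ip address (\S+ \S+)\n", cfg)
    if not m:
        raise ValueError(f"no ip address under interface Vlan{old}")
    addr = m.group(1)
    out, warnings, section = [], [], ""
    for line in cfg.splitlines():
        if not line.startswith(" "):
            section = line                      # a new top-level section starts here
        if section == f"interface Vlan{new}":
            continue                            # dropped; rebuilt after the old SVI
        if section == f"interface Vlan{old}" and line == f" ip address {addr}":
            out += [" no ip address", " shutdown", "!", f"interface Vlan{new}",
                    f" ip address {addr}", " no shutdown"]
            continue
        t = re.match(r" switchport trunk allowed vlan ([\d,-]+)$", line)
        if t and not vlan_allowed(t.group(1), new):
            warnings.append(f"{section}: VLAN {new} not in allowed list {t.group(1)}")
        out.append(line)
    return "\n".join(out) + "\n", warnings
```

Creating the VLAN itself is not handled here; the function only edits the SVI stanzas and reports trunk lines to review before the file is copied back to startup.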


Thanks! Not so easy, as I hoped, but it'll work.
Maybe I'll try to combine this method with some scripting as omc79 suggested.
Hall of Fame Master

Hello eyazhuk,

in order to perform a smooth migration you can do the following:

You can join the old VLAN and the new VLAN using two access ports with spanning-tree bpdufilter enable.

This way you create a single broadcast domain.

In this way you can move one switch at a time while keeping connectivity to all switches both in the new VLAN and in the old VLAN.

 

Hope to help

Giuseppe

 

 


Hi, Giuseppe.
Thanks for the answer, the idea is interesting, but I have to do this remotely.
So connecting any ports won't work.
VIP Collaborator

Hi 

Cannot see any "delayed config load" or "move ip" sort of features.. they do sound nice though :)

I think .. configuring a temp IP and removing the temp IP later might be the only way to go.

I agree .. it would be tedious to do on 100+ devices. Perhaps you can script it?


Yeah, maybe it's time for me to study some python at last :)
VIP Collaborator

Looks like learning Python has been postponed .. :) 

VIP Collaborator

Hello again .. 

I wrote a script to disable a feature on 800+ switches. Maybe you can use it .. ?

Script requires a text file in c:\ with all the IP addresses to connect.

 

#!/usr/bin/env python3

# Author: Omer
# Date: 2019-05-29

import getpass
import netmiko
import paramiko
from datetime import datetime


def main():
    # Credentials are prompted for, never stored in the script.
    ssh_username = input("SSH Username: ")
    ssh_password = getpass.getpass('SSH Password: ')

    start = datetime.now()
    total = 0
    # One device IP address per line.
    with open(r"c:\ip-addresses.txt", "r") as devices:
        print()
        for device in devices:
            device = device.rstrip()
            if not device:
                continue  # skip blank lines
            try:
                ssh_session = netmiko.ConnectHandler(device_type='cisco_ios', ip=device, username=ssh_username, password=ssh_password, use_keys=False, allow_agent=False, auth_timeout=30, timeout=10)
                print("+++++ Connected to {0} +++++".format(device))
                # Enter config mode and add the address to the new SVI.
                output = ssh_session.send_command("conf t", expect_string=r'#')
                output += ssh_session.send_command("int vlan 2", expect_string=r'#')
                output += ssh_session.send_command("ip add 1.1.1.1 255.255.255.0", expect_string=r'#')

                print(output)

                # Save the configuration from within config mode.
                command = "do wr me"

                print(ssh_session.find_prompt())
                output = ssh_session.send_command_timing(command)

                if "confirm" in output:
                    output += ssh_session.send_command_timing("y", strip_prompt=False, strip_command=False)

                print(output)
                ssh_session.disconnect()
                total += 1
            except paramiko.SSHException as e:
                # Failed devices are reported and not counted in the total.
                print('[ERROR] {}'.format(e))

    end = datetime.now()
    print()
    print("Execution time: {} for {} devices.".format(end - start, total))


if __name__ == "__main__":
    main()

If you need any help with running it .. give us a shout.   


Nice script, but in this scenario it will fail once the IP address is removed from VLAN1 as the send_command method will time out.

 

cheers,

Seb.

VIP Collaborator

Cheers.. the script is only configuring another IP .. not removing the initial one.

Will need to run it again with "no" commands.
