11-19-2007 04:31 AM - edited 03-05-2019 07:30 PM
We will be shortly re-addressing our network and implementing a different Management VLAN. The current management VLAN is 1.
What I would like to know is what's the easiest way of doing the changes without possibly having to visit every switch and consoling onto it?
Thanks
Jon
11-19-2007 05:20 AM
This is something I have done often already. What you can do is this:
Create a script containing the modifications, something like:
ip default-gateway 1.2.3.254
! use your new mgmt vlan id in place of 2
int vlan 2
ip address 1.2.3.4 255.255.0.0
no shut
Then use the command: copy tftp run to transfer the commands to the switch using the old ip address. If I remember well, this shuts down vlan 1 or any other active mgmt vlan interface on a layer2 switch as it can have only one active mgmt interface.
Subsequently you can login to the switch on the new ip address and manually remove the rest of the config on vlan 1 and issue a write.
Do not forget to modify your radius/tacacs if you have one and issue a clear arp to ensure that it can be resolved directly.
regards,
Leo
11-19-2007 05:52 AM
Hello,
I am reading this and it relates well to what I need to do. I have a question though... What if we are using VTP? Is there anything else I need to consider?
11-19-2007 06:05 AM
William
VTP is really only concerned with layer 2 so you could use VTP to propagate vlan 2 across your switches before you run the commands to change the management interface.
Jon
11-19-2007 06:08 AM
We are using VTP in most cases, this makes no difference except the fact that the vlan must exist in the vtp domain to allow full connectivity.
Things to consider:
Test your script on a test switch or one that is easily accessible.
Familiarize yourself with the procedure. You only get one chance to change the address in this way, be sure all is correct.
Like I stated before, be aware of arp issues in relation with radius or tacacs. The old entry remains cached when you change it like this. Clear the arp cache on any connectivity issues.
User vlans are not affected so this can even be done under office hours.
regards,
Leo
11-26-2007 09:27 AM
Hello,
I have a silly question...
What if I wanted to have a whole bunch of loopback interfaces individually on our switches for management instead of these interface vlans? Is this a bad idea?
I'm not exactly sure how it would work though... We use VTP server (one on each) on each of our 6500's using GLBP. Would I create the interface vlans on each of the 6500's so they would get propagated in VTP? Or would I just create the loopback interfaces with IP's all in the same network?
Can someone suggest something?
Points to consider... (This is where we need the management)
We have 6500's at the Core (VTP Servers)
We have 4948's at the distribution layer (VTP Clients)
We have Nortel Baystacks and 2950's and 2960's in the risers (VTP Clients)
Thanks in advance :)
11-26-2007 10:19 AM
Hello,
If you really need to use an LO interface, you can do it only on L3 switches (6500 & 4948 in your case).
One method to do this will be to activate the ip routing engine on the L3 switches, and also you can use one routing protocol or static routes.
Let's suppose you already have vlan 10 for management and your eigrp is up and running on your 6500 switches,
we can use this vlan for routing between L3 switches
for example:
ip routing
!
router eigrp 10
no auto-summary
network 172.16.2.15 255.255.255.255
network ip-address-from-management-vlan
!
int lo 10
no shut
ip address 172.16.2.15 255.255.255.255
!
I hope this answer will be helpful
Bogdan
11-26-2007 10:33 AM
So no loopbacks then... :(
I want to have a consistent way to manage these layer two (Nortel's, 2950's, 2960's, and 4948's) and layer 3 6500's.
If I add a Vlan Interface on each of the VTP servers, the 6500's, (Say Vlan 251) How would it work? Would I add it like a regular Vlan interface? Use the 1st IP for the first VTP instance and the second IP for the second?
I guess I'm a bit confused on how this would work... Maybe
6500 #1 (They are both connected using GLBP)
Int Vlan 251
IP Address 192.168.251.1 255.255.255.0
6500 #2
Int Vlan 251
IP Address 192.168.251.2 255.255.255.0
That is really the part I'm not sure about?? If the full C class network for 251 is used for management... Do I just add the IP's to all of the switches and the 6500's one at a time and increment them?
11-26-2007 02:51 PM
Yes, you would use the rest of the address space. You have a lot of other stuff you will need to do too.
1. Add new layer 2 vlan 251 to 6500 vtp server
2. Add layer 2 vlan to trunk.
3. Change the layer 3 SVI interface to the new vlan and add your ip addressing on that new layer 3 SVI on your 2950's.
4. Set spanning tree for the new vlan up on the 6500's.
11-26-2007 02:57 PM
Hello,
I will suppose all your switches are part of the same vtp domain, and the 6500s have the server role, the rest of them have the client role in your vtp domain.
You can create vlan 251 as your management vlan on the 6500 switches:
!
vlan 251
name management
!
after that you will need to create interface vlan 251 and assign some ip address to this one and also don't forget to create hsrp for this network
on first 6500:
!
int vlan 251
ip address 192.168.251.10 255.255.255.0
no shut
standby 1 ip 192.168.251.1
!
on second 6500:
!
int vlan 251
ip address 192.168.251.11 255.255.255.0
no shut
standby 1 ip 192.168.251.1
!
on next switches you can assign ip address from 192.168.251.20 to 253
also default gateway will be 192.168.251.1 for all your Layer 2 switches
!
ip default-gateway 192.168.251.1
!
int vlan 251
ip address 192.168.251.20 255.255.255.0
no shut
!
best regards,
vanguardro
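Added example, not part of any post in this thread: a short Python script that generates the per-switch fragments described above (the kind transferred with copy tftp run) and rejects the plan if an address falls outside the management subnet, lands on the gateway or 6500 addresses, or is assigned twice. The hostnames, the inventory and the file naming are constructed for illustration; the VLAN, subnet and address ranges follow the last reply.

```python
import ipaddress

# Constructed plan following the thread's last post: VLAN 251, 192.168.251.0/24,
# HSRP virtual IP .1 as gateway, .10/.11 on the 6500s, .20-.253 for other switches.
MGMT_VLAN = 251
MGMT_NET = ipaddress.ip_network("192.168.251.0/24")
GATEWAY = ipaddress.ip_address("192.168.251.1")
POOL = (20, 253)  # host offsets left for the remaining switches

def validate(inventory):
    """Return a list of problems; an empty list means the plan can be rendered."""
    problems, seen = [], {}
    for host, addr in inventory.items():
        ip = ipaddress.ip_address(addr)
        if ip not in MGMT_NET:
            problems.append(f"{host}: {ip} is outside {MGMT_NET}")
            continue
        offset = int(ip) - int(MGMT_NET.network_address)
        if not POOL[0] <= offset <= POOL[1]:
            problems.append(f"{host}: {ip} is outside the .20-.253 switch pool")
        if ip in seen:
            problems.append(f"{host}: {ip} duplicates {seen[ip]}")
        seen.setdefault(ip, host)
    return problems

def render(host, addr):
    """IOS fragment for one Layer 2 switch, same order as the script in the thread."""
    return "\n".join([
        f"! {host}: move management to VLAN {MGMT_VLAN}",
        f"ip default-gateway {GATEWAY}",
        f"interface vlan {MGMT_VLAN}",
        f" ip address {addr} {MGMT_NET.netmask}",
        " no shutdown",
        "end",
    ]) + "\n"

def build(inventory):
    """Validate the whole plan first, then return {filename: config text}."""
    problems = validate(inventory)
    if problems:
        raise ValueError("; ".join(problems))
    return {f"{h}-mgmt.cfg": render(h, a) for h, a in inventory.items()}

if __name__ == "__main__":
    # Constructed sample inventory (hypothetical hostnames).
    sample = {"riser-sw1": "192.168.251.20", "riser-sw2": "192.168.251.21"}
    for name, text in build(sample).items():
        print(f"--- {name}\n{text}")
```

Checking the whole inventory before any file is written matters here because, as noted earlier in the thread, each switch gets only one attempt at the address change.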