cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2360
Views
10
Helpful
4
Replies

IP Management Address Migration for WLC and Switches

David Chancusi
Level 1
Level 1

Hello people at the Community:

 

I would like to ask for some help with the following issue: I would like to migrate the management IP addresses of several Switching / Wireless Cisco devices at a network (currently in production) from their current IP subnet to a new dedicated one.

 

A production network has two 3750 Core Switches (in logical stack acting as one), several 2960 Access Switches, and a 3500 WLC with around 10 lightweight APs as swhon in the following diagram:

Current Network DiagramCurrent Network Diagram

 

All of those devices have management IP addresses in the 192.168.5.0/24 network, but we have discovered that the 192.168.5.0/24 network also includes around 100 final hosts, so we want to migrate the management IP addresses of the Cisco devices to a new dedicated subnet, to have a better addressing scheme in the whole network.

 

The Core Switch has the following VLANs:

Vlans present in the Core SwitchVlans present in the Core Switch

So, with that idea in mind, I have several questions about the process:

 

- No one of those procedures (even for the Core or WLC) should implicate actual network downtime for the final users, right? I mean, I should only expect disconnection time from the the telnet/ssh/web session I have to the device when changing its management IP address, right?

 

- Based on the answer to the upper question, Is it recommended to do all those procedures on working hours? Or should it better be done after working hours?

 

- How mandatory is it to do the changes while on a Console session and Console Cable (that implies actual physical access to each device one at a time)?

 

- How should I change the management IP address of the most critical devices (like the Core stack or the WLC) with the least amount of disconnection (from the telnet/ssh/web access) I have to the device?

 

- Is there any special procedure for changing the management IP address of the WLC? Will that change affect the lightweight APs?

 

- Do you think those changes will somehow affect other devices in the networking scheme of the place? (Like the ISP router, or the firewall that is directly connected to the Core Switch).

 

If you need any more information, please let me know.

Thanks a lot for any help in this issue.

2 Accepted Solutions

Accepted Solutions

Francesco Molino
VIP Alumni
VIP Alumni

Hi

 

Changing the management IP on switches wouldn't impact users unless you're using the management svi to contact a radius server if your using dot1x features.

 

On the core switch, it's a simple svi and again no impact of your not using any specific features sourcing the traffic with the actual management svi. Anyways, you won't remove this subnet then at the end no impact. It will have an impact if you replace those specific features source interface by the new one (a small impact of everything is taken care of before proceeding to this change).

 

Will it impact ISP? Normally not because i believe you're not using the management vlan to interconnect.

Will you need to access all switches using console cable? 

Not mandatory. You can use a script to add the new management vlan on all trunks facing your access switches, configure the new mgmt svi and then remove the old one. This way you won't lose access and no need to physical access.

 

Now for wifi. I believe this management IP on your wifi wlc is also the AP manager where all APs are building their capwap tunnels. You'll need to add the new management interface and make him ap manager. What about your APs? In which vlans are they? You'll need to reload them in order to mount the capwap tunnel with the new management interface on the wlc.

 

Then, to summarize:

- wifi would have to be done out of business hours.

- switches can be done during business hours unless you're using specific features that relies on management interface like mentioned before.

 

Does that answer all your questions?

 


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

View solution in original post

"Do you need some more information about the WLC/APs so we can sort out all the details of the procedure?"

 

It is not that complicated. However it will cause wireless outage for a short period of time (time taken you to do step 4-7)

Let's say you want to put AP/WLC onto vlan 25 - 192.168.25.0/24. This is what you have to do.

 

1. Define vlan 25 on your core/distribution switch and configure SVI 25 with it's gateway address (let's say 25.1). I would check that switch become STP root bridge for that vlan.

2. Define DHCP pool for that vlan on your DHCP server (if it is on 3750 switch, then on that)

3. Allow that vlan to your access layer switches

4. Change your 3504 management to new vlan. You can use below CLI command,if you have console access

(WLC1) >config interface address management 192.168.25.10 255.255.255.0 192.168.25.1

(WLC1) >config interface vlan management 25

 

With above configuration, you need to check switchport configuration that connects your WLC. Make sure vlan 25 is not native vlan on that trunk port.

 

interface GigabitEthernet1/0/x
description WLC1-3504
switchport trunk encapsulation dot1q
switchport mode trunk
spanning-tree portfast trunk

 

5. Since WLC mgmt has been changed, your AP will be un-registered in this state. Now go to those switches that connects AP and change vlan to 25 on those switchport.

6. As long as AP get 192.168.25.x range IP, it should be able to register back to WLC

 

7. If you use any 802.1X SSID, then better to modify IP in radius server for WLC.

 

HTH

Rasika

*** Pls rate all useful responses ***

View solution in original post

4 Replies 4

Francesco Molino
VIP Alumni
VIP Alumni

Hi

 

Changing the management IP on switches wouldn't impact users unless you're using the management svi to contact a radius server if your using dot1x features.

 

On the core switch, it's a simple svi and again no impact of your not using any specific features sourcing the traffic with the actual management svi. Anyways, you won't remove this subnet then at the end no impact. It will have an impact if you replace those specific features source interface by the new one (a small impact of everything is taken care of before proceeding to this change).

 

Will it impact ISP? Normally not because i believe you're not using the management vlan to interconnect.

Will you need to access all switches using console cable? 

Not mandatory. You can use a script to add the new management vlan on all trunks facing your access switches, configure the new mgmt svi and then remove the old one. This way you won't lose access and no need to physical access.

 

Now for wifi. I believe this management IP on your wifi wlc is also the AP manager where all APs are building their capwap tunnels. You'll need to add the new management interface and make him ap manager. What about your APs? In which vlans are they? You'll need to reload them in order to mount the capwap tunnel with the new management interface on the wlc.

 

Then, to summarize:

- wifi would have to be done out of business hours.

- switches can be done during business hours unless you're using specific features that relies on management interface like mentioned before.

 

Does that answer all your questions?

 


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question


Thanks a lot for the kind reply. Regarding what you said:

 

Changing the management IP on switches wouldn't impact users unless you're using the management svi to contact a radius server if your using dot1x features. No: That is not the case, so there should not be impact.

 

On the core switch, it's a simple svi and again no impact of your not using any specific features sourcing the traffic with the actual management svi. Anyways, you won't remove this subnet then at the end no impact. It will have an impact if you replace those specific features source interface by the new one (a small impact of everything is taken care of before proceeding to this change). Actually the Core Switch has some routes using the 192.168.5.0/24 subnet. Here it is some more info of the Core Switch:

Some more info of the running-config of the Core SwitchSome more info of the running-config of the Core Switch

 

Anyway as you mention, we won't remove this subnet, so there should be no donwtime.

Will it impact ISP? Normally not because i believe you're not using the management vlan to interconnect. No, I guess we are not using the management vlan to interconnect.

Will you need to access all switches using console cable? 

Not mandatory. You can use a script to add the new management vlan on all trunks facing your access switches, configure the new mgmt svi and then remove the old one. I forgot I had to include the new vlan on the trunk links. I will do it. This way you won't lose access and no need to physical access. Sure. It was mostly a precaution. Anyway I should be ready to physically access the switches via console if needed.

 

Now for wifi. I believe this management IP on your wifi wlc is also the AP manager where all APs are building their capwap tunnels. I don't understand that: What do you mean by "AP manager where all APs are building their capwap tunnels"? How can I confirm that? You'll need to add the new management interface and make him ap manager. That sounds complicated. If you could elaborate on that procedure, it would be much appreciated. What about your APs? In which vlans are they? They irradiate several vlans. What info about this topic do you need? You'll need to reload them in order to mount the capwap tunnel with the new management interface on the wlc. They could be reloaded via the WLC web interface, right?

 

Then, to summarize:

- wifi would have to be done out of business hours. OK. Seems reasonable.

- switches can be done during business hours unless you're using specific features that relies on management interface like mentioned before.

 

Does that answer all your questions? I would really like to get some more information about the procedure to be done with the WLC. That seems to be the most complicated part of this scenario.

Do you need some more information about the WLC/APs so we can sort out all the details of the procedure?

 


I think we could be really close to solving this post. Thanks a lot for all the info given.

"Do you need some more information about the WLC/APs so we can sort out all the details of the procedure?"

 

It is not that complicated. However it will cause wireless outage for a short period of time (time taken you to do step 4-7)

Let's say you want to put AP/WLC onto vlan 25 - 192.168.25.0/24. This is what you have to do.

 

1. Define vlan 25 on your core/distribution switch and configure SVI 25 with it's gateway address (let's say 25.1). I would check that switch become STP root bridge for that vlan.

2. Define DHCP pool for that vlan on your DHCP server (if it is on 3750 switch, then on that)

3. Allow that vlan to your access layer switches

4. Change your 3504 management to new vlan. You can use below CLI command,if you have console access

(WLC1) >config interface address management 192.168.25.10 255.255.255.0 192.168.25.1

(WLC1) >config interface vlan management 25

 

With above configuration, you need to check switchport configuration that connects your WLC. Make sure vlan 25 is not native vlan on that trunk port.

 

interface GigabitEthernet1/0/x
description WLC1-3504
switchport trunk encapsulation dot1q
switchport mode trunk
spanning-tree portfast trunk

 

5. Since WLC mgmt has been changed, your AP will be un-registered in this state. Now go to those switches that connects AP and change vlan to 25 on those switchport.

6. As long as AP get 192.168.25.x range IP, it should be able to register back to WLC

 

7. If you use any 802.1X SSID, then better to modify IP in radius server for WLC.

 

HTH

Rasika

*** Pls rate all useful responses ***

Hi @David Chancusi 

Well it sound no so difficult. For all your lan network you can create your new management VLAN and addressing, actually you can configure right now without any impact. Just be sure to allow the new management vlan on all your trunks ports. 

Now for the WLAN, you will have a downtime, to make this change quickly make sure to change all the AP ports to the new vlan, and change it from the WLC. I think you can have a downtime of 10 min maximum. 

 

Espero que la información haya sido útil y si no tienes más preguntas recuerda cerrar el topic, seleccionando la respuesta como "Respuesta correcta"

**Please rate the answer if this information was useful***

**Por favor si la información fue util marca esta respuesta como correcta**

*Tu reconocimiento nos alienta a seguir participando en los foros *

Espero que la información haya sido útil y si no tienes más preguntas recuerda cerrar el topic, seleccionando la respuesta como "Respuesta correcta"
**Please rate the answer if this information was useful***
**Por favor si la información fue util marca esta respuesta como correcta**
Review Cisco Networking for a $25 gift card