Wozney Enterprises Limited

How To Change The IP Address Or Management VLAN Of A Device Remotely

One of the challenges of working with remote devices is when you have to change the IP address. For example, if you have to change an IP from 192.168.2.1 to 192.168.2.100 you might do this:

The Maverick Approach (when you don’t care about downtime)

Connect to the switch at 192.168.2.1

reload in 5
conf t
int vlan 1
ip address 192.168.2.100 255.255.255.0

Then connect to the switch at 192.168.2.100

reload cancel

And that’s it! If your initial IP change didn’t work your switch will reload and you’ll be back at 192.168.2.1, and you can try again.

A Safer Approach

Connect to the switch at 192.168.2.1

conf t
int vlan 1
ip address 192.168.2.101 255.255.255.0 secondary
end
exit

Then connect to the switch at 192.168.2.101

conf t
int vlan 1
ip address 192.168.2.100 255.255.255.0
end
exit

Then connect to the switch at 192.168.2.100 to make sure it worked, and to remove the staging IP.

conf t
int vlan 1
no ip address 192.168.2.101 255.255.255.0 secondary
end
exit

The reason we have to go through this contortion of using a third, temporary IP is because Cisco does not permit you to have a secondary IP without a primary IP configured.

More Complex Changes

The solution above works if you want to change the IP, but what if you need to do something more complex?  What if you need to move the management IP from one VLAN to another?  This might happen if you’re in an environment that was using VLAN 1 everywhere, and you’ve decided to enact of the recommendations in the Cisco Best Practices guide so now you need to move the management IP from VLAN 1 to VLAN 777.

In this case you can’t just configure 192.168.2.100 in VLAN 777, because that subnet already exists in VLAN 1.  You can’t remove the IP from VLAN 1, because then you’ll lose your connection to the device.

The solution is to use a script, as below.  You’ll note that my script included changing the VLAN of interface FastEthernet 1/0/1 to VLAN 777; this is the interface that my connection is coming through and because my management IP is going to be on VLAN 777 it is necessary to do this.  Make sure you think about what the final configuration will look like after your script completes, remember that you need to be able to connect to this device or else you’re going to have to reload and start over.

interface Vlan1
no ip address
interface vlan 777
ip address 192.168.2.1 255.255.255.0
interface fa 1/0/1
switchport access vlan 777

Create this script in a text file, and copy it to your device.  I used tftp.

Router#copy tftp flash:
Address or name of remote host []? tftp.server.com
Source filename []? device-vlan-script.text
Destination filename [device-vlan-script.text]?
Accessing tftp://tftp.server.com/device-vlan-script.text…
Loading device-vlan-script.text from tftp.server.com (via Vlan1): !
[OK - 133 bytes]
133 bytes copied in 0.025 secs (5320 bytes/sec)

Then I can confirm the contents are what I think they should be like this:

Router#more flash:/device-vlan-script.text
interface Vlan1
no ip address
interface vlan 777
ip address 192.168.2.1 255.255.255.0
interface fa 1/0/1
switchport access vlan 777

That looks right, so we can apply the script now.  I’m cautious when I’m working remotely, so I always set a reload timer; this way if something goes really wrong I can always get back to the original configuration.

Router#reload in 5
System configuration has been modified. Save? [yes/no]: yes
Building configuration…
[OK]
Reload scheduled for 15:19:39 PST Mon Mar 29 2010 (in 5 minutes) by paul on vty0 (wozney.ca)
Proceed with reload? [confirm]
Router#
***
*** — SHUTDOWN in 0:05:00 —
***

Now we can start the VLAN change!

Router#copy flash:/device-vlan-script.text running-config
Destination filename [running-config]?
133 bytes copied in 0.109 secs (1220 bytes/sec)
Router#

When I did this, my ssh session didn’t even drop.  All this really does it copy the contents of the file flash:/device-vlan-script.text right into the running configuration, and the device treats the commands just like it would when the device is booting up.  All I have to do now is cancel the timed reload.

Router#reload cancel
Router#
***
*** — SHUTDOWN ABORTED —
***

2 Responses to “How To Change The IP Address Or Management VLAN Of A Device Remotely”

  1. BGP Blackhole Community « WOZNEY enterprises ltd says:
    April 21, 2010 at 10:22 am

    [...] And here is a link to the original article that you were looking for! wozney.ca/2010/03/11/bgp-blackhole-community/ [...]

  2. How to change the IP address or management VLAN of a device remotely « WOZNEY enterprises ltd says:
    April 21, 2010 at 10:24 am

    [...] And here is a link to the original article that you were looking for! http://wozney.ca/2010/04/01/how-to-change-the-ip-address-or-management-vlan-of-a-device-remotely/ [...]

Leave a Reply

Who we are

Wozney Enterprises is an incorporated company with one employee: Paul Wozney.

Paul has over ten years of experience in the networking industry; he has worked as a network analyst for an ISP, managed WAN services for a multi-national corporation, managed a Linux mail implementation for over 3000 users, and is currently providing network consulting services to SMB companies.

More about Paul Wozney

What we do

Wozney Enterprises is a Select Certified Cisco Partner specializing in SMB networks; our services include network design, implementation, analysis and support services for switching, routing, wireless, security and voice.

We have several consultants that specialize in Linux servers; our Linux services include server design, installation, analysis and support for web applications, IP telephony and network management.

We have experience working with companies in marketing, mining, legal, education, real estate investment, and marine terminal operations.

More about our services

Paul is Offline

Paul’s not online for an IM chat right now, but you can give him a call
+1 604-629-9975
+1 866-748-0516